Folks,
Looking for some guidance on how to address this alert, which is for
legitimate traffic, without disabling XSS detection altogether.
## Alert Messages ##
Cross-site Scripting (XSS) Attack Warning. Pattern match
"(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d
..." at ARGS:edocs.request.paper.link.
Cross-site Scripting (XSS) Attack Warning. Pattern match
"(?:\b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d
..." at ARGS:edocs.stylesheet.
## Request Details ##
POST /mic/request HTTP/1.1
Accept: image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, application/x-shockw \
ave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/m \
sword, */*
Referer: http://www.voterboxonline.com/mic/request
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; \
.NET CLR 2.0.50727)
Host: http://www.voterboxonline.com
Content-Length: 4916
Connection: Keep-Alive
Cache-Control: no-cache
Cookie:
com.voterbox.web.mgmt.logincookie=userid:mdickens@...
\
rd:m5c4mi9D&remember:1&;
com.voterbox.web.mgmt.authenticationcookie=db07f6884d3dff \
feb3c193c9d88f8a1b;
B100Serverpoolcookie=100856330.1.3631926272.294997057; JSESSI \
ONID=7446D17F008ECA06BBD1493359366F3E
edocs.active.voting=%3Cp%3E%3Cstrong%3E%3Cfont+size%3D%222%22%3EYour+vote+is+IMP
\
ORTANT.+To+vote+your+proxy+online+NOW%2C+click+%3C%2Ffont%3E%3Ca+target%3D%22_bl
\
ank%22+href%3D%22https%3A%2F%2Fwww.proxypush.com%2Fmu%22%3E%3Cstrong%3E%3Cfont+s
\
ize%3D%222%22%3Ehere%3C%2Ffont%3E%3C%2Fstrong%3E%3C%2Fa%3E%3Cfont+size%3D%222%22
\
%3E.+Or%2C+you+may+vote+by+phone+by+dialing+1+866+XXX+XXXX.%3C%2Ffont%3E++%3C%2F
\
strong%3E%3C%2Fp%3E&edocs.custom.issuer.content=%3Cp%3E+%3Cfont+size%3D%221%22%3
\
E%3Cstrong%3E%3Cimg+class%3D%22%22+height%3D%2270%22+alt%3D%22%22+width%3D%2288%
\
22+src%3D%22%2Fbranding%2F962304%2Fen%2FUS%2Fimages%2Fmicronbuilding.jpg%22+%2F%
\
3E%3Cbr+%2F%3E%3Cbr+%2F%3E%3C%2Fstrong%3E%3C%2Ffont%3EMicron+is+one+of+the+world
\
%27s+leading+providers+of+advanced+semiconductor+solutions.+Micron%92s+DRAM+and+
\
Flash+components+are+used+in+today%92s+most+advanced+computing%2C+networking%2C+
\
and+communications+products%2C+including+computers%2C+workstations%2C+servers%2C
\
+cell+phones%2C+wireless+devices%2C+digital+cameras%2C+and+gaming+systems.+%0D%0
\
A%0D%0A&edocs.custom.issuer.title=About+Micron&edocs.request.paper.content=%3Cp%
\
3ETo+receive+a+paper+copy+of+the+proxy+material%2C+you+may+make+your+election+by
\
+phone%2C+email+or+internet%3A%3C%2Fp%3E%3Cp%3EInternet%3A+%3Ca+target%3D%22blan
\
k%22+href%3D%22https%3A%2F%2Fwww.investorelections.com%2Fmu%22%3Ewww.investorele
\
ctions.com%2Fmu%3C%2Fa%3E%3Cbr+%2F%3EEmail%3A++%3Ca+href%3D%22mailto%3Apaper@...
\
estorelections.com%22%3Epaper@...
\
ne%3A+866+XXX+XXXX%3C%2Fp%3E&edocs.request.paper.link=%3Cp%3EClick+%3Ca+href%3D%
\
22javascript%3AopenPopup%28%27request%3Fb%3DMU%26cid%3D962304%26page%3Drequest_p
\
aper%27%2C%27cpaper%27%2C350%2C275%29%3B%22%3Ehere%3C%2Fa%3E+to+learn+how+to+req
\
uest+paper+material.&edocs.stylesheet=body+%7B%0D%0A%09background-image%3A+url%2
\
8..%2Fimages%2Fbgrd_body.jpg%29%3B%0D%0A%09background-repeat%3A+repeat-x%3B%0D%0
\
A%09background-position%3A+top%3B%0D%0A%09background-color%3A+%239A9A9A%3B%0D%0A
\
%09font-family%3A+Verdana%2C+Arial%2C+Helvetica%2C+sans-serif%3B%0D%0A%09font-si
\
ze%3A+10px%3B%0D%0A%7D%0D%0A.vendorheader+%7B%0D%0A%09font-family%3A+%22Arial+Na
\
rrow%22%2C+Arial%2C+verdana%3B%0D%0A%09font-size%3A+24px%3B%0D%0A%09font-weight%
\
3A+normal%3B%0D%0A%09color%3A+%24%21vendorheader_color%3B%0D%0A%7D%0D%0A%0D%0Ap%
\
2C+table%2C+td%2C+form%2C+input%2C+select+%7B%0D%0A%09font-family%3A+Verdana%2C+
\
Arial%2C+Helvetica%2C+sans-serif%3B%0D%0A%09font-size%3A+10px%3B%0D%0A%7D%0D%0A.
\
pageshell+%7B%0D%0A%09background-color%3A+%23FFFFFF%3B%0D%0A%09padding%3A+10px%3
\
B%0D%0A%09border%3A+1px+solid+%24%21pageshell_color%3B%0D%0A%7D%0D%0A.custom_con
\
tent+%7B%0D%0A%09font-family%3A+Verdana%3B%0D%0A%09font-size%3A+10px%3B%0D%0A+++
\
background-color%3A+%23DDDDDD%3B%0D%0A%7D%0D%0A%0D%0A.table_title+%7B%0D%0A%09fo
\
nt-family%3A+Verdana%3B%0D%0A%09font-size%3A+11pt%3B%0D%0A%09font-weight%3A+bold
\
%3B%0D%0A+++border%3A+1+px+solid+black%3B%0D%0A+++background-color%3A+%2300377E%
\
3B%0D%0A+++color%3A+white%3B%0D%0A%0D%0A%7D%0D%0A.table_header+%7B%0D%0A%09font-
\
size%3A+10pt%3B%0D%0A%09font-weight%3A+bold%3B%0D%0A+++border%3A+1+px+solid+blac
\
k%3B%0D%0A+++background-color%3A+%23DDDDDD%3B%0D%0A+++color%3A+black%3B%0D%0A%7D
\
%0D%0A%0D%0A.table_group+%7B%0D%0A%09font-size%3A+9pt%3B%0D%0A%09font-weight%3A+
\
bold%3B%0D%0A+++color%3A+%2300377E%3B%0D%0A%7D%0D%0A%0D%0A.table_col1%2C+.table_
\
col2%2C+a.table_col2%2C+.table_col3%2C+.table_col4%0D%0A%7B%0D%0A%09font-size%3A
\
+8pt%3B%0D%0A%09font-weight%3A+normal%3B%0D%0A+++color%3A+%23AA0031%3B%0D%0A%7D%
\
0D%0A%0D%0A.subheader+%7B%0D%0A%09font-family%3A+Arial%2C+Helvetica%2C+sans-seri
\
f%3B%0D%0A%09font-size%3A+18px%3B%0D%0A%7D%0D%0A%0D%0Aa%3Alink%2C+a%3Aactive%2C+
\
a%3Avisited+%7B%0D%0A%09text-decoration%3A+none%3B%0D%0A%09color%3A+%24%21a_colo
\
r%3B%0D%0A%7D%0D%0Aa%3Ahover+%7B%0D%0A%09color%3A+%24%21a_color%3B%0D%0A%09text-
\
decoration%3A+underline%3B%0D%0A%7D%0D%0A.subheader2+%7B%0D%0A%09font-family%3A+
\
Arial%2C+Helvetica%2C+sans-serif%3B%0D%0A%09font-size%3A+14px%3B%0D%0A%09font-we
\
ight%3A+bold%3B%0D%0A%09color%3A+%24%21subheader2_color%3B%0D%0A%7D%0D%0A.subsec
\
tion+%7B%0D%0A%09border%3A+1px+double+%24%21subsection_color%3B%0D%0A%7D%0D%0A.r
\
edalert+%7B%0D%0A%09font-weight%3A+bold%3B%0D%0A%09color%3A+%23FF0000%3B%0D%0A%7
\
D%0D%0A.active_voting+%0D%0A%7B%0D%0A%09font-family%3A+Arial%2C+Helvetica%2C+san
\
s-serif%3B%0D%0A%09font-size%3A+14px%3B%0D%0A%09font-weight%3A+normal%3B%09%0D%0
\
A%09color%3A+red%3B%0D%0A%09border%3A+2px+double+red%3B%0D%0A+++border-style%3A+
\
outset%3B%0D%0A%09padding%3A+8px%3B%0D%0A%7D&edocs.banner.line.break=1&edocs.log
\
o.filename=client_logo.jpg&edocs.table.title=Investor+Packet&site.disabled.messa
\
ge=Site+disabled+-+please+try+again+later&site.enabled=1&edocs.broker.active.vot
\
ing=&edocs.broker.request.paper.content=&edocs.broker.request.paper.link=&edocs.
\
custom.copyright=&edocs.custom.footer=&SECTION=ADM&PAGE=BrandingMGMT&clientid=96
\
2304&action=save&propertygroup=edocs
--
Clayton Taylor Dillard
Network Security Enthusiast
Aim for the truth - it works!
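
One way to scope an exception to just the two flagged parameters on this URL, as an added example that is not part of the original post. It assumes the alerts come from ModSecurity 2.x with the Core Rule Set; `XSS_RULE_ID` and the local rule id `1000` are placeholders, with the real rule number taken from the `[id "..."]` field of the audit log entry.

```apache
# Added example: ModSecurity 2.x syntax assumed; not taken from the original post.
# XSS_RULE_ID is a placeholder for the numeric id of the rule that fired.
# Rule id 1000 is an arbitrary local id (assumption).

# Too broad: switches the rule off for every URL and every parameter.
# SecRuleRemoveById XSS_RULE_ID

# Scoped: for POSTs to /mic/request only, stop the XSS rule from inspecting
# the two parameters named in the alerts. Every other parameter on this URL,
# and these two parameters on any other URL, are still checked.
# Load this before the rule set so the exclusion is in place when it runs.
SecRule REQUEST_FILENAME "@streq /mic/request" \
    "id:1000,phase:1,pass,nolog,t:none,chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,\
        ctl:ruleRemoveTargetById=XSS_RULE_ID;ARGS:edocs.request.paper.link,\
        ctl:ruleRemoveTargetById=XSS_RULE_ID;ARGS:edocs.stylesheet"
```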