imac_105647
Jan 06, 2010Nimbostratus
XML comment triggers an attack signature
Hello,
Can anyone tell me why a comment in an XML POST is seen as an attack?
The only thing I've found so far is the use of comments to help generating the correct checksum on signed content.
Here is a sample of the troublesome XML, take out the comment and the problem goes away:
1972-05-01
Employed
M
false
This triggers the attack signature:
Comments (2) 200016001