IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code

Question

I have many IPS reports of this type: "IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code "
I don't understand if these attempts are effectively blocked, then in general do you have any recommendations to mitigate this vulnerability?

Added tags
[edited by: Raphael Alganes at 10:48 AM (GMT -8) on 20 Nov 2023]

Raphael Alganes · Answer

Hello LMSIIATO , 
 Thanks for reaching out to Sophos Community. 
 Could you check on your IPS logs if it is being blocked/dropped? If it is being dropped then Firewall is doing it's function and there should be no issue. 
 Regards,

Vivek Jagad · Answer

Hello LMSIIATO , Thank you for reaching out to the community, The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms. As Raphael Alganes informed please check under the log viewer > IPS logs whether these signature is being dropped/blocked ? Because Sophos does protect against this vulnerability - you can check the release notes here IPSReleaseNotes :