LFI

LD-Passwd Found in Requested URL - Possible LFI Attack

April 2, 2026

SOC SIEM EDR Log Analysis Web Attack LFI Path Traversal No Escalation True Positive AbuseIPDB VirusTotal

An external Tencent Cloud IP sent a single LFI request targeting /etc/passwd via path traversal. The server returned HTTP 500 with an empty response body, confirming the attack did not succeed.

LD-Arbitrary File Read on Checkpoint Security Gateway (CVE-2024-24919)

March 31, 2026

SOC SIEM EDR Log Analysis Web Attack CVE-2024-24919 Escalation to L2 True Positive Path Traversal LFI AbuseIPDB VirusTotal

An attacker exploited CVE-2024-24919 against a Check Point Security Gateway, successfully reading /etc/passwd via a path traversal payload. A second request targeting /etc/shadow from a related IP was blocked. The attack succeeded and the endpoint was escalated to Tier 2.

↑