Palo Alto firewall blocks Nextcloud mobile app because of CVE-2003-0245

Environment:
Nextcloud 28.0.5 from Docker Hub official image nextcloud:28.0.5-apache
Operating System: Red Hat Enterprise Linux release 9.3
Palo Alto firewall PA-5200 running version 10.2.9-H1

Our firewall is blocking incoming connections from Nextcloud mobile app (from Play Store or App Store) stating a threat related to CVE-2003-0245.

We can safely access our files using any web browser or Windows clients.

Have you guys seen something like that? I’m pretty lost since this CVE is about an old version of Apache and Nextcloud uses a much newer one.

Doesn’t look legitimate to me. You can check the package status at these locations for that CVE:

(that image is built on Debian bookworm).

What about the reverse proxy/HTTPS termination in front of your Nextcloud container? Wouldn’t that be the first thing PA would interact with?

Yes, that doesn’t look legitimate indeed. Our reverse proxy is running a Red Hat Apache 2.4. Also, Palo Alto technical support said the fw blocked the connection because of an attempt to run an XML code and the code is a call to open-cloud-mesh.org.

It’s very likely to be a false alert. Thank you for your attention, jtr.