This signature detects attempts at downloading PDF documents. While not a vulnerability in and of itself, some environments may wish to enforce a policy of not allowing PDF documents, or they may wish to temporarily disallow PDF documents due to new vulnerabilities being announced, or other concerns like this. Great care must be used in determining if this signature meets corporate guidance, and if this will negatively affect the end users or not.
There are no suggested filters.
This signature detects HTTP download requests for PDF files, which can be entirely legitimate behaviour. The sensor can not determine if the file will be handled by a vulnerable browser extension or reader at all.
It is entirely possible that end users have legitimate requirements to be able to download PDF Documents, and this should be strongly considered before enabling this signature and using it to block traffic.
LEGAL DISCLAIMER THE INFORMATION ON THIS PAGE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION CONTAINED HEREIN, OR MATERIALS LINKED FROM THE DOCUMENT, IS AT YOUR OWN RISK. INFORMATION IN THIS DOCUMENT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.