alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2"; flow:established,to_server; content:"/vpns/"; http_uri; fast_pattern; content:"|0d 0a|NSC_USER|3a 20|"; http_header; content:"|0d 0a|NSC_NONCE|3a 20|"; http_header; content:"/../"; http_header; reference:url,support.citrix.com/article/CTX267679; reference:cve,2019-19781; classtype:attempted-admin; sid:2029255; rev:1; metadata:affected_product Web_Server_Applications, attack_target Server, deployment Perimeter, signature_severity Critical, created_at 2020_01_13, updated_at 2020_01_13;)

Added 2020-01-13 13:17:34 UTC


Topic revision: r1 - 2020-01-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats