ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2
Sourceet/open
Fileemerging-exploit.rules
CreatedJanuary 13, 2020
UpdatedApril 22, 2024
Classificationattempted-admin
alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2"; flow:established,to_server ; http.uri; content:"/vpns/"; fast_pattern; http.request_header; header_lowercase; content:"nsc_user|3a 20|"; startswith; content:"/../"; http.header_names; to_lowercase; content:"|0d 0a|nsc_nonce|0d 0a|"; content:"|0d 0a|nsc_user|0d 0a|"; reference:url,support.citrix.com/article/CTX267679 ; reference:cve,2019-19781 ; classtype:attempted-admin; sid:2029255; rev:4; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2020_01_13, cve CVE_2019_19781, deployment Perimeter, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_22;)
References
Metadata
affected productWeb_Server_Applications
attack targetServer
created at2020_01_13
deploymentPerimeter
confidenceMedium
signature severityCritical
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_22
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!