ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt - Server Response (CVE-2019-19781)

7.0.35.0SID: 2035111Rev: 3Enabled9 views
Sourceet/open
Fileemerging-exploit.rules
CreatedFebruary 5, 2022
UpdatedApril 25, 2024
Classificationattempted-admin
alert http $HTTP_SERVERS any -> any any (msg:"ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt - Server Response (CVE-2019-19781)"; flow:established,to_client; http.stat_code; content:"200"; http.response_header; header_lowercase; content:"via|3a 20|NS-CACHE-"; startswith; http.response_body; content:"|5b|global|5d|"; startswith; content:"encrypt passwords"; distance:0; fast_pattern; reference:url,github.com/trustedsec/cve-2019-19781; reference:cve,2019-19781; classtype:attempted-admin; sid:2035111; rev:3; metadata:attack_target Server, created_at 2022_02_05, cve CVE_2019_19781, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, updated_at 2024_04_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)

Metadata

attack targetServer
created at2022_02_05
deploymentInternal
confidenceHigh
signature severityMajor
tagCISA_KEV
updated at2024_04_25
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!