SigmaHQ/rules/web/web_citrix_cve_2019_19781_exploit.yml


title: Citrix Netscaler, Application Delivery Controller and Citrix Gateway Attack CVE-2019-19781
description: Detects CVE-2019-19781 exploitation attempt - URI contains /vpn/../vpns/
references:
- https://support.citrix.com/article/CTX267679
- https://support.citrix.com/article/CTX267027
author: Arnim Rupp
status: experimental
date: 2020/01/02
logsource:
    category: webserver
detection:
    selection:
        c-uri-path: '*/vpn/../vpns/*'
    condition: selection
fields:
- client_ip
- vhost
- url
- response
falsepositives:
- Unknown
level: critical
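
How the selection above behaves when run over web server logs, as an added example that is not part of the SigmaHQ repository. The log layout, the sample lines, the host name and the helper names (`sigma_wildcard_to_regex`, `detect`) are assumptions constructed for illustration; only the pattern and the field list come from the rule.

```python
import re
from urllib.parse import urlsplit

# Selection value and output fields copied from the rule above.
SIGMA_PATTERN = "*/vpn/../vpns/*"
FIELDS = ("client_ip", "vhost", "url", "response")

# Assumed log layout (constructed for this example):
#   client_ip vhost "METHOD url PROTOCOL" response
LINE_RE = re.compile(
    r'^(?P<client_ip>\S+) (?P<vhost>\S+) '
    r'"\S+ (?P<url>\S+) \S+" (?P<response>\d{3})$'
)

def sigma_wildcard_to_regex(pattern):
    """Sigma wildcards: * is any run of characters, ? is exactly one.
    Sigma string matching is case-insensitive by default."""
    body = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.compile("^" + body + "$", re.IGNORECASE | re.DOTALL)

def detect(lines, pattern=SIGMA_PATTERN):
    """Return the rule's output fields for every line whose URI path matches."""
    rx = sigma_wildcard_to_regex(pattern)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skipped, not treated as a hit
        # c-uri-path is the path only, so the query string is excluded.
        if rx.match(urlsplit(m["url"]).path):
            hits.append({f: m[f] for f in FIELDS})
    return hits

# Constructed sample lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '198.51.100.7 gw.example.test "GET /vpn/../vpns/example HTTP/1.1" 200',
    '198.51.100.7 gw.example.test "GET /VPN/../vpns/example HTTP/1.1" 403',
    '203.0.113.9 gw.example.test "GET /vpn/index.html HTTP/1.1" 200',
    '203.0.113.9 gw.example.test "GET /search?q=/vpn/../vpns/ HTTP/1.1" 200',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

The last sample line does not alert because the string appears only in the query, which `c-uri-path` does not cover; the `response` field in each hit lets an analyst separate rejected attempts from requests the server answered.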