Versions (5)
Version DetailsCurrent
Rev: 1 • Oct 29, 2023, 12:00 PMET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure - Successful Response (CVE-2023-4966)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure - Successful Response (CVE-2023-4966)"; flow:established,to_client; flowbits:isset,ET.CVE-2023-4966.LeakAttempt; http.stat_code; content:"200"; http.content_type; content:"application/json"; startswith; http.response_body; content:"|7b 22|issuer|22 3a 20 22|http"; startswith; fast_pattern; content:!"|22 2c 20 22|authorization_endpoint"; within:20000; reference:url,www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966; reference:cve,2023-4966; classtype:successful-admin; sid:2048932; rev:1; metadata:attack_target Web_Server, created_at 2023_10_29, cve CVE_2023_4966, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_29, reviewed_at 2023_10_29, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:src_ip;)
Oct 29, 2023, 12:00 PM
Oct 29, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 18, 2025, 8:35 PM
rules/emerging-exploit.rules