ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2

SID: 2029255Rev: 35 viewsHistory

Sourceet/open

CreatedJanuary 13, 2020

UpdatedNovember 10, 2020

Classificationattempted-admin

alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2"; flow:established,to_server; http.uri; content:"/vpns/"; fast_pattern; http.header; content:"|0d 0a|NSC_USER|3a 20|"; nocase; content:"|0d 0a|NSC_NONCE|3a 20|"; nocase; content:"/../"; reference:url,support.citrix.com/article/CTX267679; reference:cve,2019-19781; classtype:attempted-admin; sid:2029255; rev:3; metadata:affected_product Web_Server_Applications, attack_target Server, created_at 2020_01_13, cve CVE_2019_19781, deployment Perimeter, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_10;)

References

url	support.citrix.com/article/CTX267679
cve	2019-19781

Metadata

affected productWeb_Server_Applications

attack targetServer

created at2020_01_13

cveCVE-2019-19781

deploymentPerimeter

confidenceMedium

signature severityCritical

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_11_10

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!