security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
3da07164ce0d651bf72691bac1cfcafbf20249de
blue-team-tools/rules/web/web_cve_2019_11510_pulsesecure_exploit.yml
T
frack113 41c850e00b Use W3C cs-uri-query
2023-01-02 18:45:50 +01:00

27 lines
596 B
YAML
Raw Blame History

title: Pulse Secure Attack CVE-2019-11510
id: 2dbc10d7-a797-49a8-8776-49efa6442e60
status: test
description: Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
references:
- https://www.exploit-db.com/exploits/47297
author: Florian Roth
date: 2019/11/18
modified: 2023/01/02
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query: '*?/dana/html5acc/guacamole/*'
condition: selection
fields:
- client_ip
- vhost
- url
- response
falsepositives:
- Unknown
level: critical
Reference in New Issue View Git Blame Copy Permalink