security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e9ed7d05e1e925a89fc0c8bcbbbeaca4dcbb88dd
blue-team-tools/rules/web/web_cve_2019_11510_pulsesecure_exploit.yml
T
Nasreddine Bencherchali f527b8eb4c Rename Web CVE Rules 
Renamed WEB CVE rules to the format "web_cve_20XX_XXXX_rest_of_name"
2022-06-14 19:22:26 +01:00

27 lines
563 B
YAML
Raw Blame History

title: Pulse Secure Attack CVE-2019-11510
id: 2dbc10d7-a797-49a8-8776-49efa6442e60
status: test
description: Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
author: Florian Roth
references:
- https://www.exploit-db.com/exploits/47297
date: 2019/11/18
modified: 2021/11/27
logsource:
category: webserver
detection:
selection:
c-uri: '*?/dana/html5acc/guacamole/*'
condition: selection
fields:
- client_ip
- vhost
- url
- response
falsepositives:
- Unknown
level: critical
tags:
- attack.initial_access
- attack.t1190
Reference in New Issue View Git Blame Copy Permalink