Pulse Secure Attack CVE-2019-11510
Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
Sigma rule

```yaml
title: Pulse Secure Attack CVE-2019-11510
id: 2dbc10d7-a797-49a8-8776-49efa6442e60
status: test
description: Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
references:
    - https://www.exploit-db.com/exploits/47297
author: Florian Roth (Nextron Systems)
date: 2019-11-18
modified: 2023-01-02
tags:
    - attack.initial-access
    - attack.t1190
    - cve.2019-11510
    - detection.emerging-threats
logsource:
    category: webserver
detection:
    selection:
        cs-uri-query: '*?/dana/html5acc/guacamole/*'
    condition: selection
fields:
    - client_ip
    - vhost
    - url
    - response
falsepositives:
    - Unknown
level: critical
```
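The following is an added example, not part of the rule or of the Sigma project: a simplified Python matcher that applies the rule's selection to constructed web server events, so the rule can be checked against the shape of your own logs before deployment. In Sigma string values `?` is a single-character wildcard, so the pattern needs at least one character before `/dana/html5acc/guacamole/`; the sample events and the assumption that the log source populates `cs-uri-query` are illustrative.

```python
import re

# Field name and value copied from the rule's selection on this page.
RULE_FIELD = "cs-uri-query"
RULE_PATTERN = "*?/dana/html5acc/guacamole/*"


def sigma_wildcard_to_regex(pattern):
    """Translate a Sigma string value into a regex (simplified, not a backend).

    '*' matches any run of characters, '?' matches exactly one character,
    and a backslash escapes a following wildcard or backslash.
    Sigma string matching is case-insensitive by default.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern) and pattern[i + 1] in "*?\\":
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)


def matches(event, field=RULE_FIELD, pattern=RULE_PATTERN):
    """True when the event carries the field and its whole value fits the pattern."""
    value = event.get(field)
    if value is None:
        return False
    return sigma_wildcard_to_regex(pattern).fullmatch(value) is not None


# Constructed events (documentation IP range), not taken from real traffic.
SAMPLE_EVENTS = [
    {"client_ip": "192.0.2.10", "cs-uri-query": "?/dana/html5acc/guacamole/"},
    # Same request, but the logger stored the query without the leading '?':
    {"client_ip": "192.0.2.10", "cs-uri-query": "/dana/html5acc/guacamole/"},
    {"client_ip": "192.0.2.11", "cs-uri-query": "x=1&y=/DANA/html5acc/Guacamole/z"},
    {"client_ip": "192.0.2.12", "cs-uri-query": "id=42"},
    # Pipeline maps the request to 'url' only, so the rule's field is absent:
    {"client_ip": "192.0.2.13", "url": "/dana/html5acc/guacamole/"},
]


def run():
    return [matches(event) for event in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, hit in zip(SAMPLE_EVENTS, run()):
        print("ALERT" if hit else "     ", event)
```

The second and fifth events show how field mapping can silently prevent the rule from firing: check how your web server or proxy writes the query string and which field your pipeline maps to `cs-uri-query`.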
Related rules
- ADSelfService Exploitation
- Apache Spark Shell Command Injection - Weblogs
- Arcadyan Router Exploitations
- Atlassian Bitbucket Command Injection Via Archive API
- CVE-2010-5278 Exploitation Attempt