Pulse Secure Attack CVE-2019-11510
Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
Sigma rule
title: Pulse Secure Attack CVE-2019-11510
id: 2dbc10d7-a797-49a8-8776-49efa6442e60
status: test
description: Detects CVE-2019-11510 exploitation attempt - URI contains Guacamole
references:
    - https://www.exploit-db.com/exploits/47297
author: Florian Roth (Nextron Systems)
date: 2019/11/18
modified: 2023/01/02
tags:
    - attack.initial_access
    - attack.t1190
    - cve.2019.11510
    - detection.emerging_threats
logsource:
    category: webserver
detection:
    selection:
        cs-uri-query: '*?/dana/html5acc/guacamole/*'
    condition: selection
fields:
    - client_ip
    - vhost
    - url
    - response
falsepositives:
    - Unknown
level: critical
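An added example (not part of the original rule or the Sigma project's code): a simplified Python re-implementation of Sigma's wildcard matching, applied to the rule's cs-uri-query value over constructed events. It shows that the unescaped `?` in the pattern acts as a single-character wildcard, so an event whose query field starts directly with `/dana/` is not matched. The event values, host names and the `/placeholder` path are assumptions.

```python
import re

# Value copied from the rule's selection on cs-uri-query.
RULE_PATTERN = "*?/dana/html5acc/guacamole/*"

def sigma_to_regex(value):
    """Simplified Sigma string matching: '*' is any run of characters,
    '?' is exactly one character, a backslash escapes either wildcard,
    and the comparison is case-insensitive over the whole field."""
    parts, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and value[i + 1:i + 2] in ("*", "?", "\\"):
            parts.append(re.escape(value[i + 1]))  # escaped char is literal
            i += 2
            continue
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def hits(events, value=RULE_PATTERN):
    """Return the rule's output fields for every event the selection matches."""
    rx = sigma_to_regex(value)
    fields = ("client_ip", "vhost", "url", "response")
    return [{f: e.get(f) for f in fields}
            for e in events if rx.fullmatch(e.get("cs-uri-query", ""))]

def event(ip, query, response=200):
    # Constructed event: placeholder path, documentation-range IP, test host.
    return {"client_ip": ip, "vhost": "vpn.example.test", "url": "/placeholder",
            "response": response, "cs-uri-query": query}

EVENTS = [
    event("203.0.113.10", "/placeholder?/dana/html5acc/guacamole/"),  # full URI logged
    event("203.0.113.11", "?/dana/html5acc/guacamole/"),              # query with leading '?'
    event("203.0.113.12", "/dana/html5acc/guacamole/"),               # leading '?' stripped: missed
    event("203.0.113.13", "next=/DANA/HTML5ACC/GUACAMOLE/x"),         # '?' wildcard matches '='
    event("203.0.113.14", "lang=en", response=404),                   # unrelated request
]

if __name__ == "__main__":
    for h in hits(EVENTS):
        print(h)
```

Before relying on the rule, check how the log source populates cs-uri-query (with or without the leading `?`, raw or URL-decoded) against these three outcomes.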
References
Related rules
- CVE-2010-5278 Exploitation Attempt
- CVE-2020-0688 Exchange Exploitation via Web Log
- CVE-2020-0688 Exploitation Attempt
- CVE-2020-10148 SolarWinds Orion API Auth Bypass
- CVE-2020-5902 F5 BIG-IP Exploitation Attempt