Rule Content
- title: Citrix Netscaler, Application Delivery Controller and Citrix Gateway Attack
CVE-2019-19781
description: Detects CVE-2019-19781 exploitation attempt - URI contains /vpn/../vpns/
id: ac5a6409-8c89-44c2-8d64-668c29a2d756
references:
- https://support.citrix.com/article/CTX267679
- https://support.citrix.com/article/CTX267027
author: Arnim Rupp
status: experimental
date: 2020/01/02
logsource:
category: webserver
product: null
service: null
detection:
selection:
c-uri-path: '*/vpn/../vpns/*'
condition: selection
fields:
- client_ip
- vhost
- url
- response
falsepositives:
- Unknown
level: critical