[Emerging-Sigs] CVE-2019-19781

Jason Williams jwilliams at emergingthreats.net
Mon Dec 30 08:32:02 HST 2019


Yea, we looked at the detection logic found in the advisory (
https://support.citrix.com/article/CTX267679) last week and felt that it
would be prone to FPs, but we will get something out in the OPEN set for it
today.

Thanks!

Jason

On Mon, Dec 30, 2019 at 10:27 AM Jacob Roy <jacob.roy at masergy.com> wrote:

> Hello all,
>
> It looks like the Talos Ruleset might have added rules to check around the
> newly discovered Citrix Netscaler exploit CVE-2019-19781.
>
>  * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules)
>  * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules)
>
>
> Do you guys have an update on when ET Pro will have checks regarding this?
> Thanks!
>
> Regards,
>
> --
>
> <http://www.masergy.com> <https://www.masergy.com>
> <https://www.masergy.com>[image: Masergy Logo] <https://www.masergy.com>
>
> Jacob Roy
>
> Threat Intelligence Specialist
>
> p: 469-291-8102
>
> <https://www.linkedin.com/ADDYOURIDHERE/>
> <https://www.linkedin.com/company/16604/>
> <https://www.linkedin.com/company/16604/>[image: LinkedIn]
> <https://www.linkedin.com/company/16604/>
> <https://www.twitter.com/ADDYOURTWITTERHANDLE>
> <https://twitter.com/masergy>[image: Twitter]
> <https://twitter.com/masergy>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20191230/e279e5d8/attachment.html>


More information about the Emerging-sigs mailing list