CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver

Rule Info

Name
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via webserver logs by looking for a very long host header string.
Reference
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
Date
2023-11-28 00:00:00
Modified
None
Id
a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1
Tags
detection.emerging-threats attack.initial-access attack.t1190 cve.2023-4966
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=a4e068b5-e27c-4f21-85b3-e69e5a4f7ce1

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
08c52c367
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4583 from @nasbench - Add CVE-2023-4966 Related Rules
2023-11-28
1559c9d95
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022