CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy

Rule Info

Name
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
Author
Nasreddine Bencherchali (Nextron Systems), Michael Haag (STRT)
Description
Detects potential exploitation attempt of CVE-2023-4966 a Citrix ADC and NetScaler Gateway sensitive information disclosure vulnerability via proxy logs.
Reference
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
Date
2023-11-28 00:00:00
Modified
None
Id
ff349b81-617f-4af4-924f-dbe8ea9bab41
Tags
attack.initial-access attack.t1190 cve.2023-4966 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=ff349b81-617f-4af4-924f-dbe8ea9bab41
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022