HTTP: Pulse Secure Guacamole URI Information Disclosure
This signature detects attempts to exploit a known vulnerability against Pulse Secure. A successful attack can lead to sensitive information disclosure.
Extended Description
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
Affected Products
Ivanti connect_secure
References
BugTraq: 108073
CVE: CVE-2019-11510
URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Short Name
HTTP:MISC:PULSE-GUACAMOLE-ID
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-11510 Disclosure Guacamole Information Pulse Secure URI bid:108073
Release Date
10/10/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3682
False Positive
Unknown
Vendors
Ivanti
CVSS Score
7.5