Hello,

CVE-2019-11510: Pre-auth Arbitrary File Reading

https://nvd.nist.gov/vuln/detail/CVE-2019-11510
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/

On Thu, 12 Sep 2019 at 13:07, Nick Couchman <[email protected]> wrote:

> On Thu, Sep 12, 2019 at 11:40 AM Der PCFreak <[email protected]>
> wrote:
>
>> Hi,
>>
>> by accident I found the following in my very reduced Apache SSL error
>> logs:
>>
>> ```
>> [Thu Sep 05 02:35:53 2019] [error] [client xxx.xxx.xxx.xxx] Invalid URI
>> in request GET
>> /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/hosts?/dana/html5acc/guacamole/
>>
>> HTTP/1.1
>> ```
>>
>> The thing is, I do not host Guacamole on the public internet, nor on
>> this machine.
>>
>> I just wanted to inform the list that it might be the case that someone
>> found a vulnerability in Guacamole and is trying to find public vulnerable
>> servers.
>>
>
> First, if you think you've found a vulnerability in Guacamole, please make
> sure to report it responsibly:
>
> https://www.apache.org/security/
>
> This involves reporting it *privately* to the project, not publicly on the
> lists.
>
> That said, in your case, if your Guacamole instance is not hosted
> publicly, then I would be concerned that whatever network it is hosted on
> has something bad on it - the kind of attack you're seeing there looks less
> like an attack specific to Guacamole and more like a generic case of
> someone finding a valid URL and then trying to exploit a poorly-configured
> system to get access to system-level files. The good news, for you, is
> that it appears that your Apache server is seeing it as an invalid
> request. The bad news is that something is trying to do it in the first
> place. Whatever client is represented by the redacted "[client
> xxx.xxx.xxx.xxx]" should probably be investigated for malware and/or threat
> actors present on the system.
>
> -Nick
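Added example, not code from this thread or from the Guacamole project: a small Python triage check that parses Apache error_log lines like the one quoted above, collapses the `..` segments the way a server would, flags requests that climb above the web root, and marks the Pulse Secure path pattern that identifies the CVE-2019-11510 probe. The sample log lines and the 203.0.113.x client addresses are constructed for the example.

```python
import re
from dataclasses import dataclass
from posixpath import normpath
from typing import List, Optional
from urllib.parse import unquote
# Apache 2.2-style error_log line as quoted in the report (mail-wrapped request re-joined).
ERROR_LINE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
    r".*?\b(?:GET|POST|HEAD) (?P<uri>\S+)(?: HTTP/\d\.\d)?\s*$"
)
# Path components that mark the CVE-2019-11510 probe seen in the report.
PULSE_MARKERS = ("/dana-na/", "/dana/html5acc/guacamole/")
@dataclass
class Finding:
    client: str
    resolved_path: str  # what the path collapses to once '..' is applied
    escapes_root: bool  # some '..' segment tried to climb above '/'
    pulse_probe: bool   # carries both Pulse Secure marker paths

def climbs_above_root(path: str) -> bool:
    """True if the '..' segments of an absolute path would pass above '/'."""
    depth = 0
    for seg in (s for s in path.split("/") if s not in ("", ".")):
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False
def analyse(line: str) -> Optional[Finding]:
    """Parse one error_log line; None when it carries no request line."""
    m = ERROR_LINE.match(line)
    if not m:
        return None
    path = unquote(m["uri"].split("?", 1)[0])  # drop the query, decode %xx
    return Finding(m["client"], normpath(path), climbs_above_root(path),
                   all(mark in path for mark in PULSE_MARKERS))

def suspicious(lines: List[str]) -> List[Finding]:
    """Findings worth escalating: a root escape or the known Pulse probe."""
    return [f for f in map(analyse, lines) if f and (f.escapes_root or f.pulse_probe)]

# Constructed samples: the report's request with a documentation-range client
# address, an unrelated error line, and a '..' that stays inside the web root.
SAMPLE_LOG = [
    "[Thu Sep 05 02:35:53 2019] [error] [client 203.0.113.10] Invalid URI in request "
    "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/hosts"
    "?/dana/html5acc/guacamole/ HTTP/1.1",
    "[Thu Sep 05 02:36:01 2019] [error] [client 203.0.113.11] File does not exist: /var/www/favicon.ico",
    "[Thu Sep 05 02:37:12 2019] [error] [client 203.0.113.12] Invalid URI in request "
    "GET /static/../index.html HTTP/1.1",
]
```

Running `suspicious(SAMPLE_LOG)` reports only the first client: the probe resolves to /etc/hosts and climbs above the root, while the `/static/../index.html` request never leaves the web root and is not escalated.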
