Article from Security, 2021-10-12 17:00


Citrix urges customers to apply mitigation steps for CVE-2019-19781, a remote code execution vulnerability exploitable through specially crafted HTTP requests to vulnerable devices.

Background

Citrix has released an advisory for CVE-2019-19781, a vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway that could allow an unauthenticated attacker to execute code on the affected devices. Users are encouraged to apply the provided mitigation steps as quickly as possible.

Analysis

While Citrix does not detail the exact nature of the vulnerability in the advisory, the recommended mitigation steps seem to block HTTP-based VPN requests with additional components that could potentially contain code. This implies that there is unsanitized code in the VPN handler for these devices. The mitigation therefore checks incoming HTTP-based VPN requests and sends a 403 FORBIDDEN response whenever a request in the exploit format is detected.

According to Citrix, the following devices are identified as vulnerable:

- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Solution

Citrix lists mitigation options for each Citrix device configuration, so the steps to apply depend on an organization's device setup. Citrix has stated that an update will be available at a later date, at which time users can remove the mitigation and upgrade.

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they're released.
Get more information

- Citrix Advisory for CVE-2019-19781
- Mitigation Steps for CVE-2019-19781

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 30-day trial of Tenable.io Vulnerability Management.
