Guest User

Fix for CVE-2019-19781

a guest
Dec 17th, 2019
835
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #CLI
  2. enable ns feature responder
  3. add responder action RespAct_403Forbidden respondwith "\"HTTP/1.1 403 Forbidden\""
  4. add responder policy RespPol_Fix_CVE-2019-19781 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" RespAct_403Forbidden
  5. bind responder global RespPol_Fix_CVE-2019-19781 1 END -type REQ_OVERRIDE
  6. save config
  7.  
  8. #Shell (Primary/Secondary)
  9. shell nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0
  10. shell "echo 'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' >> /nsconfig/rc.netscaler"
  11. reboot
RAW Paste Data