# sid 2029540, rev 3: flags inbound HTTP GET requests under the Exchange Control
# Panel path (/ecp/) that carry ASP.NET view-state parameters in the URI
# (CVE-2020-0688).
# All of the following must hold for the rule to fire:
#   - established flow, client-to-server, $EXTERNAL_NET -> $HOME_NET
#   - HTTP method is GET and the URI is longer than 600 (urilen:>600)
#   - the URI begins with "/ecp/" (depth:5)
#   - "__VIEWSTATEGENERATOR=" and then "__VIEWSTATE=" occur later in the URI,
#     in that order (distance:0 is relative to the previous match)
# Triage: the msg says "Possible" and the classtype is attempted-admin, so an
# alert records an attempt, not a confirmed compromise. Check whether the target
# Exchange server has the vendor fix for CVE-2020-0688 and correlate with that
# server's own web logs for the same request.
# Deployment: the metadata carries "deployment SSLDecrypt"; the sensor has to see
# the HTTP request in cleartext, so for TLS-only ECP endpoints this presumably
# needs TLS inspection or a sensor behind TLS termination (confirm placement).
# Scope: the header only covers $EXTERNAL_NET sources; requests from inside
# $HOME_NET need separate host-side or internal monitoring.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible Attempted Microsoft Exchange RCE (CVE-2020-0688)"; flow:established,to_server; content:"GET"; http_method; urilen:>600; content:"/ecp/"; http_uri; depth:5; content:"__VIEWSTATEGENERATOR="; http_uri; distance:0; content:"__VIEWSTATE="; http_uri; distance:0; reference:url,www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keyscve; reference:cve,2020-0688; reference:url,www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/; classtype:attempted-admin; sid:2029540; rev:3; metadata:affected_product Web_Server_Applications, attack_target SMTP_Server, created_at 2020_02_26, deployment Perimeter, deployment SSLDecrypt, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_03_02;)

Added 2020-08-05 19:17:39 UTC


# sid 2029540, rev 3, as recorded on 2020-03-02 (updated_at 2020_03_02).
# Detection logic: inbound ($EXTERNAL_NET -> $HOME_NET) established client-to-server
# HTTP GET, URI longer than 600, URI beginning with "/ecp/" (depth:5), then
# "__VIEWSTATEGENERATOR=" followed later by "__VIEWSTATE=" in the URI.
# Note that this copy uses the metadata keyword twice: once for former_category
# alone and once for the remaining tags.
# Triage: classtype attempted-admin and "Possible" in the msg mean the alert marks
# an attempt; verify the target Exchange server's patch state for CVE-2020-0688
# and correlate with its web server logs before escalating.
# Deployment: tagged "deployment SSLDecrypt", so the sensor presumably needs
# decrypted HTTP visibility to evaluate this rule (confirm sensor placement).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible Attempted Microsoft Exchange RCE (CVE-2020-0688)"; flow:established,to_server; content:"GET"; http_method; urilen:>600; content:"/ecp/"; http_uri; depth:5; content:"__VIEWSTATEGENERATOR="; http_uri; distance:0; content:"__VIEWSTATE="; http_uri; distance:0; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keyscve; reference:cve,2020-0688; reference:url,www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/; classtype:attempted-admin; sid:2029540; rev:3; metadata:affected_product Web_Server_Applications, attack_target SMTP_Server, deployment Perimeter, deployment SSLDecrypt, signature_severity Major, created_at 2020_02_26, performance_impact Low, updated_at 2020_03_02;)

Added 2020-03-02 20:02:22 UTC


# sid 2029540, rev 2 (created_at and updated_at both 2020_02_26).
# Detection logic: inbound ($EXTERNAL_NET -> $HOME_NET) established client-to-server
# HTTP GET, URI longer than 600, and:
#   - the URI begins with exactly "/ecp/default.aspx" (depth:17)
#   - "__VIEWSTATEGENERATOR=" and then "__VIEWSTATE=" follow in the URI, in order
#   - no "&" occurs anywhere after the "__VIEWSTATE=" match (content:!"&";
#     distance:0), i.e. __VIEWSTATE must be the final query parameter
# These conditions tie the rule to one page and one parameter layout; a request
# to any other path under /ecp/ or with a trailing parameter does not alert.
# Triage: classtype attempted-admin marks an attempt, not a confirmed compromise;
# verify the target Exchange server's patch state for CVE-2020-0688.
# Deployment: tagged "deployment SSLDecrypt", so the sensor presumably needs
# decrypted HTTP visibility to evaluate this rule (confirm sensor placement).
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Attempted Microsoft Exchange RCE (CVE-2020-0688)"; flow:established,to_server; content:"GET"; http_method; urilen:>600; content:"/ecp/default.aspx"; http_uri; depth:17; content:"__VIEWSTATEGENERATOR="; http_uri; distance:0; content:"__VIEWSTATE="; http_uri; distance:0; content:!"&"; http_uri; distance:0; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keyscve; reference:cve,2020-0688; classtype:attempted-admin; sid:2029540; rev:2; metadata:affected_product Web_Server_Applications, attack_target SMTP_Server, deployment Perimeter, deployment SSLDecrypt, signature_severity Major, created_at 2020_02_26, performance_impact Low, updated_at 2020_02_26;)

Added 2020-02-26 20:42:30 UTC


Topic revision: r1 - 2020-08-05 - TWikiGuest
 