ET EXPLOIT Microsoft Exchange Server Exploitation (CVE-2020-17141)
Sourceet/open
Fileemerging-exploit.rules
CreatedJanuary 8, 2021
UpdatedMarch 7, 2024
Classificationweb-application-attack
alert http any any -> any any (msg:"ET EXPLOIT Microsoft Exchange Server Exploitation (CVE-2020-17141)"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/ews/Exchange.asmx"; startswith; http.request_body; content:"<m:RouteComplaint|20|" ; content:"<m:Data>" ; distance:0; base64_decode:bytes 300, offset 0, relative ; base64_data; content:"<!DOCTYPE"; content:"SYSTEM"; distance:0; classtype:web-application-attack; sid:2031507; rev:2; metadata:attack_target Server, created_at 2021_01_08, cve CVE_2020_17141, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07;)
Metadata
attack targetServer
created at2021_01_08
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!