ET EXPLOIT Possible Microsoft Exchange Server OWA GetWacUrl Information Disclosure Attempt (CVE-2020-17143)
Sourceet/open
Fileemerging-exploit.rules
CreatedFebruary 8, 2022
UpdatedApril 25, 2024
Classificationweb-application-attack
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible Microsoft Exchange Server OWA GetWacUrl Information Disclosure Attempt (CVE-2020-17143)"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/owa/service.svc"; fast_pattern; http.request_header; header_lowercase; content:"action|3a 20|GetWacIframeUrlForOneDrive"; startswith; nocase; http.request_header; content:"|22|EndPointUrl|22 3a 22|"; nocase; reference:cve,2020-17143 ; classtype:web-application-attack; sid:2035138; rev:3; metadata:attack_target Server, created_at 2022_02_08, cve CVE_2020_17143, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_04_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
References
| cve | 2020-17143 |
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!