CVE-2020-0688 Exploitation Attempt
Detects CVE-2020-0688 Exploitation attempts
Sigma rule (View on GitHub)
1title: CVE-2020-0688 Exploitation Attempt
2id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a
3status: test
4description: Detects CVE-2020-0688 Exploitation attempts
5references:
6 - https://github.com/Ridter/cve-2020-0688
7author: NVISO
8date: 2020-02-27
9modified: 2023-01-02
10tags:
11 - attack.initial-access
12 - attack.t1190
13 - cve.2020-0688
14 - detection.emerging-threats
15logsource:
16 category: webserver
17detection:
18 selection:
19 cs-uri-query|contains|all:
20 - '/ecp/default.aspx'
21 - '__VIEWSTATEGENERATOR='
22 - '__VIEWSTATE='
23 condition: selection
24falsepositives:
25 - Unknown
26level: high
References
-
cve-2020-0688. Contribute to Ridter/cve-2020-0688 development by creating an account on GitHub.
Read More
Related rules
- CVE-2020-0688 Exchange Exploitation via Web Log
- CVE-2020-0688 Exploitation via Eventlog
- ADSelfService Exploitation
- Apache Spark Shell Command Injection - Weblogs
- Arcadyan Router Exploitations