CVE-2020-0688 Exploitation Attempt
Detects CVE-2020-0688 Exploitation attempts
Sigma rule (View on GitHub)
1title: CVE-2020-0688 Exploitation Attempt
2id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a
3status: test
4description: Detects CVE-2020-0688 Exploitation attempts
5references:
6 - https://github.com/Ridter/cve-2020-0688
7author: NVISO
8date: 2020/02/27
9modified: 2023/01/02
10tags:
11 - attack.initial_access
12 - attack.t1190
13 - cve.2020.0688
14 - detection.emerging_threats
15logsource:
16 category: webserver
17detection:
18 selection:
19 cs-uri-query|contains|all:
20 - '/ecp/default.aspx'
21 - '__VIEWSTATEGENERATOR='
22 - '__VIEWSTATE='
23 condition: selection
24falsepositives:
25 - Unknown
26level: high
References
Related rules
- CVE-2020-0688 Exchange Exploitation via Web Log
- CVE-2010-5278 Exploitation Attempt
- CVE-2020-10148 SolarWinds Orion API Auth Bypass
- CVE-2020-5902 F5 BIG-IP Exploitation Attempt
- CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit