CVE-2021-21978 Exploitation Attempt

 1title: CVE-2021-21978 Exploitation Attempt
 2id: 77586a7f-7ea4-4c41-b19c-820140b84ca9
 3status: test
 4description: Detects the exploitation of the VMware View Planner vulnerability described in CVE-2021-21978
 5references:
 6    - https://twitter.com/wugeej/status/1369476795255320580
 7    - https://paper.seebug.org/1495/
 8author: Bhabesh Raj
 9date: 2020/03/10
10modified: 2023/01/02
11tags:
12    - attack.initial_access
13    - attack.t1190
14    - cve.2021.21978
15    - detection.emerging_threats
16logsource:
17    category: webserver
18detection:
19    selection:
20        cs-method: 'POST'
21        cs-uri-query|contains|all:
22            - 'logupload'
23            - 'logMetaData'
24            - 'wsgi_log_upload.py'
25    condition: selection
26falsepositives:
27    - Unknown
28level: high

References

• Something went wrong, but don’t fret — let’s give it another shot.

  
  Read More

• https://paper.seebug.org/1495/

  
  Read More

Related rules

• Exploitation of CVE-2021-26814 in Wazuh
• CVE-2021-21972 VSphere Exploitation
• CVE-2021-33766 Exchange ProxyToken Exploitation
• CVE-2023-46747 Exploitation Activity - Proxy
• CVE-2023-46747 Exploitation Activity - Webserver