Exchange Exploitation CVE-2021-28480

calendar Nov 14, 2023 · attack.initial_access attack.t1190 cve.2021.28480 detection.emerging_threats  ·
Share on: linkedin copy

Detects successful exploitation of Exchange vulnerability as reported in CVE-2021-28480

Sigma rule (View on GitHub)

 1title: Exchange Exploitation CVE-2021-28480
 2id: a2a9d722-0acb-4096-bccc-daaf91a5037b
 3status: test
 4description: Detects successful exploitation of Exchange vulnerability as reported in CVE-2021-28480
 5references:
 6    - https://twitter.com/GossiTheDog/status/1392965209132871683?s=20
 7author: Florian Roth (Nextron Systems)
 8date: 2021/05/14
 9modified: 2023/01/02
10tags:
11    - attack.initial_access
12    - attack.t1190
13    - cve.2021.28480
14    - detection.emerging_threats
15logsource:
16    category: webserver
17detection:
18    selection:
19        cs-uri-query|contains: '/owa/calendar/a'
20        cs-method: 'POST'
21    filter_main_status:
22        sc-status: 503
23    condition: selection and not 1 of filter_*
24falsepositives:
25    - Unknown
26level: critical

References

  • Something went wrong, but don’t fret — let’s give it another shot.


    Read More

Related rules

to-top