""ET WEB_SPECIFIC_APPS Possible Attempted Microsoft Exchange RCE (CVE-2020-0688)""

SID: 2029540

Revision: 3

Class Type: attempted-admin

Metadata: affected_product Web_Server_Applications, attack_target SMTP_Server, created_at 2020_02_26, cve CVE_2020_0688, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, signature_severity Major, updated_at 2020_03_02

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "GET"

• Value: "/ecp/" Depth: 5

• Value: "__VIEWSTATEGENERATOR="

• Value: "__VIEWSTATE="

Within:

PCRE:

Special Options:

• http_method

• http_uri

• http_uri

• http_uri

source