SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Microsoft Exchange Control Panel static viewstate key use attempt
This rule will look for attempts to use a hard-coded __VIEWSTATEGENERATOR key in requests to Microsoft's Exchange Control Panel. Microsoft recently patched a vulnerability in its Microsoft Exchange Installations that was causing them to use static/hard-coded keys. Knowledge of these keys can allow attackers to trick the exchange servers into deserializing ViewState data for remote code execution purposes. This rule will alert on use of those hard-coded keys.
This rule will fire on attempts to use a hard-coded __VIEWSTATEGENERATOR key in requests to Microsoft's Exchange Control Panel.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2020-0688 |
Loading description
|
Tactic: Execution
Technique: Exploitation for Client Execution
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org