SERVER-MAIL -- Snort has detected traffic exploiting vulnerabilities in mail servers (such as Exchange, Courrier). These are different from protocol traffic, as this deals with the traffic going to the mail server itself.
SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt
This rule is looking for post-authentication file write attempts using the Microsoft Exchange server Set-OabVirtualDirectory commands.
What To Look For
This rule fires on post-authentication exploit traffic.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here:
Escalation of Privilege
An Escalation of Privilege (EOP) attack is any attack method that results in a user or application gaining permissions to access resources they normally would not have access to.
CVE Additional Information