title: CVE-2020-0688 Exploitation Attempt
id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a
status: experimental
description: Detects CVE-2020-0688 Exploitation attempts
author: NVISO
date: 2020/02/27
modified: 2020/09/03
references:
  - https://github.com/Ridter/cve-2020-0688
logsource:
  category: webserver
detection:
  selection:
    c-uri|contains|all:
      - "/ecp/default.aspx"
      - "__VIEWSTATEGENERATOR="
      - "__VIEWSTATE="
  condition: selection
falsepositives:
  - Unknown
level: high
tags:
    - attack.initial_access
    - attack.t1190