ET WEB_SPECIFIC_APPS [aretiq.ai] Exchange EWS InstallApp with ManifestUrl Server-Side Request Forgery Attempt (CVE-2026-45502)

7.0.35.0SID: 2070126Rev: 1Enabled4 views
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedJuly 1, 2026
UpdatedJuly 1, 2026
Classificationweb-application-attack
alert http any any -> $HOME_NET [443,444] (msg:"ET WEB_SPECIFIC_APPS [aretiq.ai] Exchange EWS InstallApp with ManifestUrl Server-Side Request Forgery Attempt (CVE-2026-45502)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"InstallApp"; content:"ManifestUrl"; fast_pattern; distance:0; pcre:"/^[^\x3c]*?(?:\x3a\x2f{2}|\x5c{2})/R"; reference:cve,2026-45502; classtype:web-application-attack; sid:2070126; rev:1; metadata:affected_product Microsoft_Exchange, attack_target Web_Server, tls_state TLSDecrypt, created_at 2026_07_01, cve CVE_2026_45502, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2026_07_01, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1046, mitre_technique_name Network_Service_Discovery;)

References

Metadata

affected productMicrosoft_Exchange
attack targetWeb_Server
tls stateTLSDecrypt
created at2026_07_01
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
tagExploit
updated at2026_07_01
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1046
mitre technique nameNetwork_Service_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!