alert http any any -> any any (msg:"ET EXPLOIT Microsoft Exchange Server Exploitation (CVE-2020-17141)"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/ews/Exchange.asmx"; startswith; http.request_body; content:"<m:RouteComplaint|20|"; content:"<m:Data>"; distance:0; base64_decode:bytes 300, offset 0, relative; base64_data; content:"<!DOCTYPE"; content:"SYSTEM"; distance:0; classtype:web-application-attack; sid:2031507; rev:1; metadata:attack_target Server, created_at 2021_01_08, cve CVE_2020_17141, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_19;)