Versions (7)
Version DetailsCurrent
Rev: 4 • Feb 7, 2023, 12:00 PMET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/goanywhere/lic/accept?bundle="; fast_pattern; startswith; reference:url,attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis; reference:cve,2023-0669; classtype:attempted-admin; sid:2044143; rev:4; metadata:affected_product Java, attack_target Web_Server, created_at 2023_02_07, cve CVE_2023_0669, deployment Perimeter, deployment Internal, deployment Datacenter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_20, reviewed_at 2025_04_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Feb 7, 2023, 12:00 PM
Sep 20, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 25, 2025, 9:35 PM
rules/emerging-web_specific_apps.rules