alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/goanywhere/lic/accept?bundle="; fast_pattern; startswith; reference:url,attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis; reference:cve,2023-0669; classtype:attempted-admin; sid:2044144; rev:2; metadata:affected_product Java, attack_target Web_Server, created_at 2023_02_07, cve CVE_2023_0669, deployment Perimeter, deployment Internal, deployment Datacenter, deployment SSLDecrypt, former_category EXPLOIT, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_09_20, reviewed_at 2025_04_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)