ET WEB_SPECIFIC_APPS Fortra GoAnywhere MFT Response Valid License Request Token Disclosure
Sourceet/open
CreatedSeptember 25, 2025
UpdatedSeptember 25, 2025
Classificationweb-application-attack
alert http $HOME_NET any -> any any (msg:"ET WEB_SPECIFIC_APPS Fortra GoAnywhere MFT Response Valid License Request Token Disclosure"; flow:established,to_client; flowbits:isset,ET.GoAnywhere.CVE-2025-10035; http.stat_code; content:"302"; http.location; content:"/lic/request|3f|bundle|3d|"; fast_pattern; reference:url,labs.watchtowr.com/is-this-bad-this-feels-bad-goanywhere-cve-2025-10035/; classtype:web-application-attack; sid:2064921; rev:1; metadata:affected_product Fortra_GoAnywhere, attack_target Server, tls_state TLSDecrypt, created_at 2025_09_25, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_25, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)
Metadata
affected productFortra_GoAnywhere
attack targetServer
tls stateTLSDecrypt
created at2025_09_25
deploymentSSLDecrypt
confidenceHigh
signature severityMinor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2025_09_25
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1082
mitre technique nameSystem_Information_Discovery
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!