alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS JumpServer Connection Token Leak (CVE-2025-62712)"; flow:established,to_server; http.uri; content:"/api/v1/authentication/super-connection-token"; startswith; fast_pattern; http.method; content:"GET"; reference:url,nsfocusglobal.com/jumpserver-connection-token-improper-authentication-vulnerability-cve-2025-62712-notice/; reference:cve,2025-62712; classtype:web-application-attack; sid:2065715; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_11_10, cve CVE_2025_62712, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_10, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)