Potential Local File Read Vulnerability In JVM Based Application

 1title: Potential Local File Read Vulnerability In JVM Based Application
 2id: e032f5bc-4563-4096-ae3b-064bab588685
 3status: test
 4description: |
 5    Detects potential local file read vulnerability in JVM based apps.
 6    If the exceptions are caused due to user input and contain path traversal payloads then it's a red flag.    
 7references:
 8    - https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
 9author: Moti Harmats
10date: 2023/02/11
11tags:
12    - attack.initial_access
13    - attack.t1190
14logsource:
15    category: application
16    product: jvm
17    definition: 'Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)'
18detection:
19    keywords_local_file_read:
20        '|all':
21            - 'FileNotFoundException'
22            - '/../../..'
23    condition: keywords_local_file_read
24falsepositives:
25    - Application bugs
26level: high

References

• Threat and Vulnerability Hunting with Application Server Error Logs

  

  IntroductionWhen doing application security at scale, you have to make peace with the fact that some issues may as well find their way into production. While we work hard to make sure this almost never happens, we understand that it’s just a fact of life that sometimes some things can slip into production without proper security controls.Photo by Mahdi Bafande on UnsplashThat’s why in addition to constantly “shifting left” our efforts and trying to secure all frameworks “by design”, one of the c

  
  Read More

Related rules

• Potential CVE-2022-21587 Exploitation Attempt
• Potential CVE-2023-23752 Exploitation Attempt
• Potential JNDI Injection Exploitation In JVM Based Application
• Potential OGNL Injection Exploitation In JVM Based Application
• Potential RCE Exploitation Attempt In NodeJS