Spring Framework Exceptions

Aug 12, 2024 · attack.initial-access attack.t1190 ·

Detects suspicious Spring framework exceptions that could indicate exploitation attempts

Sigma rule (View on GitHub)

 1title: Spring Framework Exceptions
 2id: ae48ab93-45f7-4051-9dfe-5d30a3f78e33
 3status: stable
 4description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
 5references:
 6    - https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html
 7author: Thomas Patzke
 8date: 2017-08-06
 9modified: 2020-09-01
10tags:
11    - attack.initial-access
12    - attack.t1190
13logsource:
14    category: application
15    product: spring
16detection:
17    keywords:
18        - AccessDeniedException
19        - CsrfException
20        - InvalidCsrfTokenException
21        - MissingCsrfTokenException
22        - CookieTheftException
23        - InvalidCookieException
24        - RequestRejectedException
25    condition: keywords
26falsepositives:
27    - Application bugs
28level: medium

References

Class Hierarchy (spring-security-docs 6.3.4 API)

class tree

Read More

Spring Framework Exceptions

Sigma rule (View on GitHub)

References

Class Hierarchy (spring-security-docs 6.3.4 API)

Related rules