Spring Framework Exceptions

Detects suspicious Spring framework exceptions that could indicate exploitation attempts

Sigma rule (View on GitHub)

 1title: Spring Framework Exceptions
 2id: ae48ab93-45f7-4051-9dfe-5d30a3f78e33
 3status: stable
 4description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
 5references:
 6    - https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html
 7author: Thomas Patzke
 8date: 2017-08-06
 9modified: 2020-09-01
10tags:
11    - attack.initial-access
12    - attack.t1190
13logsource:
14    category: application
15    product: spring
16detection:
17    keywords:
18        - AccessDeniedException
19        - CsrfException
20        - InvalidCsrfTokenException
21        - MissingCsrfTokenException
22        - CookieTheftException
23        - InvalidCookieException
24        - RequestRejectedException
25    condition: keywords
26falsepositives:
27    - Application bugs
28level: medium

References

Related rules

to-top