Spring Framework Exceptions
Detects suspicious Spring framework exceptions that could indicate exploitation attempts
Sigma rule
title: Spring Framework Exceptions
id: ae48ab93-45f7-4051-9dfe-5d30a3f78e33
status: stable
description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
references:
    - https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html
author: Thomas Patzke
date: 2017/08/06
modified: 2020/09/01
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: application
    product: spring
detection:
    keywords:
        - AccessDeniedException
        - CsrfException
        - InvalidCsrfTokenException
        - MissingCsrfTokenException
        - CookieTheftException
        - InvalidCookieException
        - RequestRejectedException
    condition: keywords
falsepositives:
    - Application bugs
level: medium
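The rule's keyword condition applied to application log lines, as an added example (not part of the rule or the Sigma project). It assumes one log event per line; the `evaluate` function, the sample log, and the package-based triage flag are constructed for illustration and go beyond what the rule itself checks.

```python
import re
from collections import Counter

# Keywords copied from the rule's detection section.
KEYWORDS = [
    "AccessDeniedException", "CsrfException", "InvalidCsrfTokenException",
    "MissingCsrfTokenException", "CookieTheftException",
    "InvalidCookieException", "RequestRejectedException",
]
# Sigma keyword lists are OR-ed and matched case-insensitively as substrings.
_PATTERN = re.compile("|".join(re.escape(k) for k in KEYWORDS), re.IGNORECASE)
# Fully qualified Java class name ending in a keyword (triage aid, an assumption).
_FQCN = re.compile(r"((?:[a-z_][\w$]*\.)+)(" + "|".join(KEYWORDS) + r")\b")
_CANONICAL = {k.lower(): k for k in KEYWORDS}

def evaluate(lines):
    """Return (hits, counts): matching events with triage info, per-keyword totals."""
    hits, counts = [], Counter()
    for number, line in enumerate(lines, 1):
        match = _PATTERN.search(line)
        if not match:
            continue
        keyword = _CANONICAL[match.group(0).lower()]
        fqcn = _FQCN.search(line)
        package = fqcn.group(1).rstrip(".") if fqcn else None
        # The rule fires regardless of package; this flag only helps the analyst
        # separate Spring Security exceptions from same-named classes elsewhere.
        spring = bool(package and package.startswith("org.springframework.security"))
        hits.append({"line": number, "keyword": keyword,
                     "package": package, "spring_security": spring})
        counts[keyword] += 1
    return hits, counts

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    "2024-05-01 10:00:00 INFO  [main] com.example.App : Started App in 3.2 seconds",
    "2024-05-01 10:00:05 ERROR [exec-1] org.springframework.security.web.csrf.InvalidCsrfTokenException: Invalid CSRF token",
    "2024-05-01 10:00:06 ERROR [exec-2] org.springframework.security.web.firewall.RequestRejectedException: URL contained \";\"",
    "2024-05-01 10:00:07 ERROR [exec-3] java.nio.file.AccessDeniedException: /var/app/upload/report.pdf",
    "2024-05-01 10:00:08 WARN  [exec-4] handler caught accessdeniedexception for /admin",
]

if __name__ == "__main__":
    hits, counts = evaluate(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(dict(counts))
```

The fourth sample line shows the listed false-positive source: a file-permission error in the application raises an exception with the same simple name and still matches the rule.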
Related rules
- CVE-2010-5278 Exploitation Attempt
- CVE-2020-0688 Exchange Exploitation via Web Log
- CVE-2020-0688 Exploitation Attempt
- CVE-2020-10148 SolarWinds Orion API Auth Bypass
- CVE-2020-5902 F5 BIG-IP Exploitation Attempt