Phoenix
Sigma IntelligenceBeta
Back to Rules
Detectionmediumstable

Spring Framework Exceptions

Detects suspicious Spring framework exceptions that could indicate exploitation attempts

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch
Thomas PatzkeCreated Sun Aug 06Updated Tue Sep 01ae48ab93-45f7-4051-9dfe-5d30a3f78e33application
Log Source
springapplication
Productspring← raw: spring
Categoryapplication← raw: application
Detection Logic
Detection Logic1 selector
detection:
    keywords:
        - AccessDeniedException
        - CsrfException
        - InvalidCsrfTokenException
        - MissingCsrfTokenException
        - CookieTheftException
        - InvalidCookieException
        - RequestRejectedException
    condition: keywords
False Positives

Application bugs

References
1
Resolving title…
docs.spring.io
MITRE ATT&CK
Rule Metadata
Rule ID
ae48ab93-45f7-4051-9dfe-5d30a3f78e33
Status
stable
Level
medium
Type
Detection
Created
Sun Aug 06
Modified
Tue Sep 01
Author
Thomas Patzke
Path
rules/application/spring/spring_application_exceptions.yml
Raw Tags
attack.initial-accessattack.t1190
View on GitHub