Detectionhightest

Potential Local File Read Vulnerability In JVM Based Application

Detects potential local file read vulnerability in JVM based apps. If the exceptions are caused due to user input and contain path traversal payloads then it's a red flag.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Moti HarmatsCreated Sat Feb 11e032f5bc-4563-4096-ae3b-064bab588685application

Log Source

jvmapplication

Productjvm← raw: jvm

Categoryapplication← raw: application

Definition

Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)

Detection Logic

detection:
    keywords_local_file_read:
        '|all':
            - 'FileNotFoundException'
            - '/../../..'
    condition: keywords_local_file_read

False Positives

Application bugs

References

Resolving title…

wix.engineering

MITRE ATT&CK

Tactics

TA0001 · Initial Access

Techniques

T1190 · Exploit Public-Facing Application

Rule Metadata

Rule ID