rules/application/appframework_spring_exceptions.yml

title: Spring framework exceptions
id: ae48ab93-45f7-4051-9dfe-5d30a3f78e33
description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts
author: Thomas Patzke
references:
    - https://docs.spring.io/spring-security/site/docs/current/apidocs/overview-tree.html
logsource:
    category: application
    product: spring
detection:
    keywords:
        - AccessDeniedException
        - CsrfException
        - InvalidCsrfTokenException
        - MissingCsrfTokenException
        - CookieTheftException
        - InvalidCookieException
        - RequestRejectedException
    condition: keywords
falsepositives:
    - Application bugs
    - Penetration testing
level: medium
Application security rules 2017-08-12 00:43:10 +02:00			`title: Spring framework exceptions`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`id: ae48ab93-45f7-4051-9dfe-5d30a3f78e33`
Spring framework security exceptions rule 2017-08-06 23:21:53 +02:00			`description: Detects suspicious Spring framework exceptions that could indicate exploitation attempts`
			`author: Thomas Patzke`
Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00			`references:`
Spring framework security exceptions rule 2017-08-06 23:21:53 +02:00			`- https://docs.spring.io/spring-security/site/docs/current/apidocs/overview-tree.html`
			`logsource:`
Application security rules 2017-08-12 00:43:10 +02:00			`category: application`
Spring framework security exceptions rule 2017-08-06 23:21:53 +02:00			`product: spring`
			`detection:`
			`keywords:`
			`- AccessDeniedException`
			`- CsrfException`
			`- InvalidCsrfTokenException`
			`- MissingCsrfTokenException`
			`- CookieTheftException`
			`- InvalidCookieException`
			`- RequestRejectedException`
			`condition: keywords`
			`falsepositives:`
			`- Application bugs`
			`- Penetration testing`
			`level: medium`