2023-02-15 13:29:53 +02:00
|
|
|
title: Potential Local File Read Vulnerability In JVM Based Application
|
|
|
|
|
id: e032f5bc-4563-4096-ae3b-064bab588685
|
2024-01-01 09:00:51 +01:00
|
|
|
status: test
|
2023-02-15 13:29:53 +02:00
|
|
|
description: |
|
|
|
|
|
Detects potential local file read vulnerability in JVM based apps.
|
|
|
|
|
If the exceptions are caused due to user input and contain path traversal payloads then it's a red flag.
|
|
|
|
|
references:
|
|
|
|
|
- https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
|
|
|
|
|
author: Moti Harmats
|
2024-08-12 12:02:50 +02:00
|
|
|
date: 2023-02-11
|
2023-02-15 13:29:53 +02:00
|
|
|
tags:
|
2024-08-12 12:02:50 +02:00
|
|
|
- attack.initial-access
|
2023-02-15 13:29:53 +02:00
|
|
|
- attack.t1190
|
|
|
|
|
logsource:
|
|
|
|
|
category: application
|
|
|
|
|
product: jvm
|
|
|
|
|
definition: 'Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)'
|
|
|
|
|
detection:
|
|
|
|
|
keywords_local_file_read:
|
|
|
|
|
'|all':
|
|
|
|
|
- 'FileNotFoundException'
|
|
|
|
|
- '/../../..'
|
|
|
|
|
condition: keywords_local_file_read
|
|
|
|
|
falsepositives:
|
|
|
|
|
- Application bugs
|
|
|
|
|
level: high
|
