security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
blue-team-tools/rules/application/jvm/java_local_file_read.yml
T
Nasreddine Bencherchali 598d29f811 Merge PR #4950 from @nasbench - Comply With v2 Spec Changes 
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00

27 lines
903 B
YAML
Raw Permalink Blame History

title: Potential Local File Read Vulnerability In JVM Based Application
id: e032f5bc-4563-4096-ae3b-064bab588685
status: test
description: |
Detects potential local file read vulnerability in JVM based apps.
If the exceptions are caused due to user input and contain path traversal payloads then it's a red flag.
references:
- https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
author: Moti Harmats
date: 2023-02-11
tags:
- attack.initial-access
- attack.t1190
logsource:
category: application
product: jvm
definition: 'Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)'
detection:
keywords_local_file_read:
'|all':
- 'FileNotFoundException'
- '/../../..'
condition: keywords_local_file_read
falsepositives:
- Application bugs
level: high
Reference in New Issue View Git Blame Copy Permalink