Potential OGNL Injection Exploitation In JVM Based Application

Rule Info

Name
Potential OGNL Injection Exploitation In JVM Based Application
Author
Moti Harmats
Description
Detects potential OGNL Injection exploitation, which may lead to RCE. OGNL is an expression language that is supported in many JVM based systems. OGNL Injection is the reason for some high profile RCE's such as Apache Struts (CVE-2017-5638) and Confluence (CVE-2022-26134)
Reference
https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
Date
2023-02-11 00:00:00
Modified
None
Id
4d0af518-828e-4a04-a751-a7d03f3046ad
Tags
attack.initial-access attack.t1190 cve.2017-5638 cve.2022-26134
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=4d0af518-828e-4a04-a751-a7d03f3046ad

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
chore: promote older rules status from `experimental` to `test` (#4651)
2024-01-01
c3fe2da99
Moti-H
feat: add new application vulnerability rules (#4034)
2023-02-15
ff4242dad
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022