The Spring4Shell vulnerability, identified as CVE-2022-22965, is a critical security weakness found within the Spring framework, which can be exploited in environments running Java Development Kit (JDK) versions 9 or higher. This rule specifically detects attempts to exploit this vulnerability by monitoring web application firewall (WAF) logs for certain patterns indicative of malicious activity. The detection logic leverages Splunk queries focusing on web requests that involve parameters associated with potential proof-of-concept (PoC) exploit attempts. Notably, the rule looks for POST requests that may trigger the execution of runtime code, as well as specific patterns in the module class loader resources that align with known exploitation techniques. The rule can provide visibility into both the attempts to exploit this vulnerability and the context of those attempts within the web application environment, thereby facilitating quicker response actions against potential threats.