
Summary
This rule detects potential SpEL (Spring Expression Language) injection attacks against applications that use the Spring Framework. SpEL is a powerful expression language that supports querying and manipulating objects at runtime. Attackers can abuse it by injecting malicious expressions, potentially leading to Remote Code Execution (RCE). The rule triggers when application error logs contain 'org.springframework.expression.ExpressionException', which indicates that an error occurred during expression evaluation. Such an error may signify an attempt to exploit a SpEL injection vulnerability and calls for immediate investigation and response. Because the detection depends on this specific error condition appearing in application logs, applications using the Spring Framework must capture error-level logs for the rule to work.
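As an added illustration (not the rule's own logic or code from its authors), the sketch below applies the indicator to a constructed log. It assumes a Spring Boot style line layout and uses hypothetical helper names; it folds stack-trace lines into their parent event because the exception class can sit on a "Caused by:" line rather than on the ERROR line itself.

```python
import re

# Indicator string named by the rule.
INDICATOR = "org.springframework.expression.ExpressionException"

# Assumed header layout: "<date> <time> <LEVEL> ...". Adjust to your log pattern.
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}\S*)\s+(TRACE|DEBUG|INFO|WARN|ERROR)\b"
)

def group_events(lines):
    """Fold stack-trace continuation lines into the log event that owns them."""
    events, current = [], None
    for line in lines:
        m = HEADER.match(line)
        if m:
            current = {"ts": m.group(1), "level": m.group(2), "text": line}
            events.append(current)
        elif current is not None:
            # No timestamp/level prefix: part of the previous event's stack trace.
            current["text"] += "\n" + line
    return events

def detect(lines):
    """Return timestamps of error-level events that contain the indicator."""
    return [e["ts"] for e in group_events(lines)
            if e["level"] == "ERROR" and INDICATOR in e["text"]]

# Constructed sample log (class names, PIDs and messages are made up).
SAMPLE_LOG = """\
2023-02-11 10:15:01.120  INFO 4242 --- [exec-1] c.example.SearchController : request received
2023-02-11 10:15:01.131 ERROR 4242 --- [exec-1] c.example.SearchController : request failed
java.lang.IllegalStateException: could not evaluate filter
\tat com.example.SearchController.search(SearchController.java:41)
Caused by: org.springframework.expression.ExpressionException: constructed sample message
\tat com.example.FilterEvaluator.evaluate(FilterEvaluator.java:27)
2023-02-11 10:15:02.000 DEBUG 4242 --- [main] c.example.Docs : org.springframework.expression.ExpressionException
2023-02-11 10:15:03.500 ERROR 4242 --- [exec-2] c.example.Db : connection pool exhausted
""".splitlines()

if __name__ == "__main__":
    for ts in detect(SAMPLE_LOG):
        print("possible SpEL injection attempt, investigate event at", ts)
```

A matcher that tests each physical line for both the ERROR level and the indicator would miss the event above, since the two never share a line.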
Categories
- Application
- Web
- Infrastructure
Data Sources
- Application Log
Created: 2023-02-11