LoFP / if the application expects to work with xml there may be parsing issues that don't necessarily mean xxe.

Techniques

• t1190

Sample rules

Potential XXE Exploitation Attempt In JVM Based Application

• source: sigma
• technicques:
  • t1190

Description

Detects XML parsing issues, if the application expects to work with XML make sure that the parser is initialized safely.

Detection logic

condition: keywords
keywords:
- SAXParseException
- DOMException