URGENT SECURITY ADVISORY - Spring4Shell (CVE-2022-22965)

What is Spring4Shell (CVE-2022-22965)?

CVE-2022-22965 is a remote code execution vulnerability that is affecting multiple versions of the Spring MVC and Spring WebFlux frameworks.

The vulnerability can be exploited by sending a single specially crafted HTTP request to the affected server to execute malicious Java code on the affected system.

Note that even if you don’t specifically develop Java applications, the Java Spring framework is incredibly popular and could be included within third party applications deployed across your estate.

Exploitation

The flaw is currently being actively exploited by multiple threat actors with activity expected to increase over the coming days.

Several publicly available exploit tools have been published to exploit the flaw, in each case the exploit  creates a malicious “webshell” designed to provide a backdoor into the system.

Detection

AppCheck has added a plugin to detect the flaw that will run as part of all Web Application and Infrastructure scans. A scan template has also been added to allow users to quickly scan for this specific flaw.

 

Remediation

Spring Framework versions 5.3.18 and 5.2.20 have been released to remediate the flaw. The vendor has also included other workaround steps which can be found here:

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

 

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

 

 

Get started with Appcheck

No software to download or install.
Contact us or call us 0113 887 8380

Start your free trial