Spring4Shell: CVE-2022-22965

Spring4Shell (CVE-2022-22965), a remote code execution vulnerability in the Spring Core Framework, was observed and confirmed in March 2022. Spring Framework is an open-source application framework for developing Java-based applications, intended to help developers build applications more quickly. The vulnerability was initially disclosed by an unnamed researcher who wrote about a potentially unpatched RCE vulnerability and published a proof-of-concept; it was later confirmed as a zero-day.

Spring4Shell has been rated critical in severity. Vulnerable deployments are those running Spring Framework versions less than or equal to 5.3.17, with Spring MVC or Spring WebFlux applications on JDK 9+, and with Apache Tomcat as the Servlet container. It has been observed to allow an unauthenticated actor to execute remote code on a vulnerable system: the actor drops a web shell onto the affected host and then executes arbitrary code with the rights of the user that owns the Tomcat process. Although specific conditions must be met for the vulnerability to be exploited, the potential severity and impact of Spring4Shell on an environment are enough to warrant confirming exposure and remediating it.
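The three preconditions above (Spring Framework at or below 5.3.17, JDK 9 or newer, Tomcat as the Servlet container) are what a defender needs to check across an inventory before anything else. The following is an added example, not code from the original post or from Cyborg Security: a small exposure-triage script that encodes only the conditions the post lists and flags hosts where all three hold at once. The `Deployment` record, its field names and the sample inventory are assumptions constructed for the example; in practice the values would come from your own asset inventory or from the `java.version` property and the Spring jar manifests on each host. It goes slightly beyond the text in one respect: it handles the legacy `1.8.0_xxx` Java version format, which is exactly the case that should be excluded by the JDK 9+ condition.

```python
"""Exposure check for the Spring4Shell (CVE-2022-22965) preconditions.

Added example; not code from the original post or from Cyborg Security. It encodes
only the conditions the post lists: Spring Framework <= 5.3.17, JDK 9 or newer,
and Apache Tomcat as the Servlet container. The inventory below is constructed
sample data (hypothetical hosts), not real systems.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

MAX_VULNERABLE_SPRING = (5, 3, 17)   # post: versions <= 5.3.17 are affected
MIN_VULNERABLE_JDK = 9               # post: JDK 9+


def parse_spring_version(version: str) -> tuple[int, ...]:
    """Turn '5.3.17' or '5.3.17.RELEASE' into a comparable tuple (5, 3, 17)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Spring version: {version!r}")
    return tuple(int(p) for p in m.groups())


def jdk_major(version: str) -> int:
    """Return the JDK major release from a java.version string.

    JDK 9+ reports '9', '11.0.2', '17.0.2'; JDK 8 and older report the legacy
    '1.8.0_292' form, where the second component is the major release.
    """
    parts = version.strip().split(".")
    if parts[0] == "1" and len(parts) > 1:   # legacy 1.x scheme (JDK 8 and earlier)
        return int(parts[1])
    return int(re.match(r"\d+", parts[0]).group())


@dataclass
class Deployment:
    """Hypothetical inventory record (field names are assumptions for this example)."""
    host: str
    spring_version: str
    java_version: str
    servlet_container: str  # e.g. 'tomcat', 'jetty', 'undertow'


def matches_preconditions(d: Deployment) -> bool:
    """True only when all three conditions from the post hold at once."""
    spring_affected = parse_spring_version(d.spring_version) <= MAX_VULNERABLE_SPRING
    jdk_affected = jdk_major(d.java_version) >= MIN_VULNERABLE_JDK
    on_tomcat = d.servlet_container.strip().lower() == "tomcat"
    return spring_affected and jdk_affected and on_tomcat


def triage(inventory: list[Deployment]) -> list[str]:
    """Return the hosts whose deployment matches every listed precondition."""
    return [d.host for d in inventory if matches_preconditions(d)]


# Constructed sample inventory: hypothetical hosts, not real systems.
SAMPLE_INVENTORY = [
    Deployment("app-01", "5.3.17", "17.0.2", "tomcat"),         # all three conditions met
    Deployment("app-02", "5.3.17", "1.8.0_292", "tomcat"),      # JDK 8: post requires JDK 9+
    Deployment("app-03", "5.3.10.RELEASE", "11.0.2", "jetty"),  # not running on Tomcat
    Deployment("app-04", "5.3.18", "11.0.2", "tomcat"),         # above the 5.3.17 threshold (constructed)
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: matches the Spring4Shell preconditions; confirm exposure and remediate")
```

A host that is not flagged is not automatically safe: the script only tests the conditions the post names, so a deployment that fails one of them (for example, a different Servlet container) still deserves a patch review, but the flagged hosts are the ones to confirm and remediate first.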

*** This is a Security Bloggers Network syndicated blog from Cyborg Security authored by Josh Campbell. Read the original post at: https://www.cyborgsecurity.com/emerging-threat/spring4shell-cve-2022-22965/