Spring4Shell: Zero-Day vulnerability CVE-2022-22965 in Spring Framework
06 April 2022

Written by Shiv Mohan

A zero-day remote code execution vulnerability of critical severity, tracked as CVE-2022-22965 and known as Spring4Shell or SpringShell, has been identified in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older.

The Spring Framework is a popular, feature-rich, open-source application framework used for building modern enterprise Java web applications. Publicly available exploits for such a widely used framework make this vulnerability very dangerous.

Why is CVE-2022-22965 “Spring4Shell” vulnerability so dangerous?

Spring Framework, Spring MVC, or Spring WebFlux applications running on JDK 9 or higher are exposed to remote code execution via data binding. The vulnerability stems from improper handling of Java class properties during request data binding, which allows class injection: a specially crafted HTTP request, bound to a Java object by the framework, can lead to remote code execution and compromise the Spring Java application without requiring authentication.

According to the vendor advisory, “If the application is deployed as a Spring Boot executable jar, i.e., the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.”

Affected Software and Versions

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
  • Spring-webmvc or Spring-webflux dependency
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
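The list above is a set of preconditions an operator has to check against every deployment in inventory. The following triage helper is an added example, not code from this post or from the Spring project: it encodes the affected version ranges and the other conditions listed above, and applies the vendor's caveat that an affected version remains a patch candidate even when a precondition is missing. The Deployment record and its field names are assumptions about how an inventory is recorded; the sample inventory is constructed. It needs Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Triage helper for CVE-2022-22965 (Spring4Shell), written as an added example
 * for this advisory; it is not Seqrite's or the Spring project's code. It
 * evaluates one deployment against the affected-software list above. The
 * Deployment record and its field names are assumptions about how an operator
 * records inventory.
 */
public class Spring4ShellTriage {

    /** Inventory facts about one deployment (constructed, not collected from a real host). */
    public record Deployment(String springVersion, int jdkMajor, String servletContainer,
                             String packaging, boolean usesWebMvcOrWebFlux) {}

    /** Parse "5.3.17" or "5.2.20.RELEASE" into {major, minor, patch}; missing parts become 0. */
    static int[] parseVersion(String version) {
        String[] parts = version.trim().split("\\.");
        int[] out = new int[3];
        for (int i = 0; i < 3 && i < parts.length; i++) {
            String digits = parts[i].replaceAll("[^0-9].*$", ""); // strip qualifiers such as "RC1"
            out[i] = digits.isEmpty() ? 0 : Integer.parseInt(digits);
        }
        return out;
    }

    /** True when the version falls in a range the advisory lists as affected. */
    public static boolean isAffectedSpringVersion(String version) {
        int[] v = parseVersion(version);
        if (v[0] < 5) return true;               // "and older versions"
        if (v[0] > 5) return false;              // beyond the ranges named in the advisory
        if (v[1] == 3) return v[2] <= 17;        // 5.3.0 to 5.3.17; fixed in 5.3.18
        if (v[1] == 2) return v[2] <= 19;        // 5.2.0 to 5.2.19; fixed in 5.2.20
        return v[1] < 2;                         // 5.0.x and 5.1.x count as older versions
    }

    /** Returns which of the advisory's exploit preconditions this deployment meets. */
    public static List<String> metPreconditions(Deployment d) {
        List<String> met = new ArrayList<>();
        if (d.jdkMajor() >= 9) met.add("JDK 9 or higher");
        if ("tomcat".equalsIgnoreCase(d.servletContainer())) met.add("Apache Tomcat servlet container");
        if ("war".equalsIgnoreCase(d.packaging())) met.add("traditional WAR packaging");
        if (d.usesWebMvcOrWebFlux()) met.add("spring-webmvc or spring-webflux dependency");
        return met;
    }

    /** A one-line verdict for an operator, following the advisory and the vendor's caveat. */
    public static String verdict(Deployment d) {
        if (!isAffectedSpringVersion(d.springVersion())) {
            return "not in an affected Spring Framework range";
        }
        List<String> met = metPreconditions(d);
        if (met.size() == 4) {
            return "affected version and all known exploit preconditions met: patch immediately";
        }
        // The vendor notes the flaw is more general than the known exploit, so an affected
        // version is still a patch candidate even when a precondition is missing.
        return "affected version; " + met.size() + "/4 known preconditions met: patch (other vectors may exist)";
    }

    public static void main(String[] args) {
        // Constructed sample inventory for demonstration only.
        List<Deployment> inventory = List.of(
            new Deployment("5.3.17", 11, "tomcat", "war", true),
            new Deployment("5.2.20.RELEASE", 11, "tomcat", "war", true),
            new Deployment("5.2.19", 8, "tomcat", "war", true),
            new Deployment("5.3.16", 17, "tomcat", "jar", true),
            new Deployment("4.3.30", 11, "jetty", "war", true));
        for (Deployment d : inventory) {
            System.out.printf("Spring %-15s JDK %-2d %-6s %-3s -> %s%n",
                d.springVersion(), d.jdkMajor(), d.servletContainer(), d.packaging(), verdict(d));
        }
    }
}
```

Compile and run with `javac Spring4ShellTriage.java && java Spring4ShellTriage`. The verdict deliberately never reports an affected version as safe just because the deployment is a Boot jar or runs on JDK 8: the version check decides whether to patch, and the preconditions only decide how urgently.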

Mitigation of “Spring4Shell”

  • Immediately update to Spring Framework 5.3.18 or 5.2.20, or a later version.
  • Please refer to our Vendor Advisory.
  • Update network security solutions and endpoints with the latest definitions.
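Where an upgrade cannot be rolled out at once, the vendor advisory also describes a global data-binder hardening that refuses to bind request parameters into Java class properties. The class below is an added example that reproduces that workaround; it is not code from this post, and the class and method names are assumptions. It assumes a Spring MVC or Spring WebFlux application and relies on the standard WebDataBinder.setDisallowedFields API.

```java
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Global data-binder hardening for applications that cannot upgrade yet.
 * Added example reproducing the workaround published in the vendor advisory;
 * not code from this post. The class and method names are assumptions.
 */
@ControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE) // applied after other advices so this denylist is the last global one set
public class BinderControllerAdvice {

    // Field patterns that refuse binding into the Java "class" property chain,
    // the improperly handled class properties the advisory describes.
    private static final String[] DENYLIST = {"class.*", "Class.*", "*.class.*", "*.Class.*"};

    @InitBinder
    public void denyClassProperties(WebDataBinder binder) {
        // setDisallowedFields replaces the list rather than appending to it: a controller
        // whose own @InitBinder calls setDisallowedFields overrides this advice and must
        // include the same patterns itself.
        binder.setDisallowedFields(DENYLIST);
    }
}
```

This is a stop-gap, not a fix: the vendor states the vulnerability is more general than the known exploit, so the upgrade in the first mitigation step remains the required action, and controller-local @InitBinder methods that set their own disallowed fields need the same patterns.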

CVE-2022-22963, another remote code execution vulnerability, has been identified in the routing functionality of Spring Cloud Function versions 3.1.6, 3.2.2, and older. Attackers can exploit it by sending crafted SpEL routing expressions that result in remote code execution. Affected deployments should upgrade to 3.1.7 or 3.2.3.

Seqrite coverage for “Spring4Shell”

We have released IPS rules to identify and block remote attacks exploiting Spring4Shell and other vulnerabilities. We will continue monitoring developments around this threat and updating our detections. We advise our customers to patch their systems promptly and keep their anti-virus software updated with the latest VDB updates.

© 2022 Quick Heal Technologies Ltd.