SpringShell (also called Spring4Shell), tracked as CVE-2022-22965, is a critical vulnerability (CVSS score 9.8) in Spring, the most widely used Java framework for web application development. It enables remote code execution (RCE): Spring's request parameter binding lets an attacker walk from a bound object into its ClassLoader and call setters on attributes that were never meant to be externally writable. Details of the issue were leaked online before an official patch was available, without responsible disclosure.
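As an added example (not part of the original post, and not WiJungle's detection logic), the following script looks for the property path described above in web server access logs: any request parameter whose name walks through `class.module.classLoader` is probing for the vulnerability, whatever attribute the attacker is trying to set further down the chain. The log lines are constructed for the example, and the parameter tails (`someAttribute`, `other`) are placeholders rather than a real exploit payload.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Property path that reaches the ClassLoader from any bound bean on JDK 9+:
# bean.getClass() -> Class.getModule() -> Module.getClassLoader().
# Spring's property resolution is case-tolerant for the first letter, so
# "Class.Module.ClassLoader" is matched too.
CLASSLOADER_PATH = re.compile(
    r"(?:^|\.)class\.module\.classloader(?:[.\[]|$)", re.IGNORECASE
)

# Common/combined log format request line: "METHOD PATH?QUERY HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
CLIENT_IP = re.compile(r"^(?P<ip>\S+) ")

# Constructed sample log (assumed format; not captured from a real server).
CONSTRUCTED_ACCESS_LOG = """\
10.0.0.5 - - [31/Mar/2022:10:01:02 +0000] "GET /app/greet?name=alice HTTP/1.1" 200 512
10.0.0.9 - - [31/Mar/2022:10:01:07 +0000] "GET /app/greet?class.module.classLoader.someAttribute=x HTTP/1.1" 200 0
10.0.0.9 - - [31/Mar/2022:10:01:08 +0000] "POST /app/greet?Class%2EModule%2EClassLoader%2Eother=y HTTP/1.1" 200 0
10.0.0.7 - - [31/Mar/2022:10:02:00 +0000] "GET /app/greet?classroom=1&module=b HTTP/1.1" 200 512
"""


def suspicious_params(query: str) -> list:
    """Return the decoded parameter names in a query string that walk into the ClassLoader.

    parse_qsl percent-decodes names, so encoded dots (%2E) do not evade the match.
    """
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if CLASSLOADER_PATH.search(n)]


def find_classloader_probes(log_text: str) -> list:
    """Scan access-log lines and return one record per request carrying a probe."""
    hits = []
    for line in log_text.splitlines():
        req = REQUEST_LINE.search(line)
        if not req:
            continue  # malformed or non-request line
        target = urlsplit(req.group("target"))
        params = suspicious_params(target.query)
        if not params:
            continue
        ip = CLIENT_IP.match(line)
        hits.append({
            "ip": ip.group("ip") if ip else "?",
            "method": req.group("method"),
            "path": target.path,
            "params": params,
        })
    return hits


if __name__ == "__main__":
    for hit in find_classloader_probes(CONSTRUCTED_ACCESS_LOG):
        print(f"{hit['ip']} {hit['method']} {hit['path']} -> {hit['params']}")
```

Only the query string is visible in a standard access log; parameters sent in a POST body are bound the same way by Spring but need a WAF, reverse proxy or application-level request logging to be seen, so an empty result from this scan is not evidence that no probe arrived.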
You could be vulnerable if all of the following apply:
1. JDK 9 or higher
2. Apache Tomcat as the Servlet container
3. Packaged as a WAR rather than a Spring Boot executable jar
4. spring-webmvc or spring-webflux dependency
5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
6. Using the Spring Beans package (spring-beans-*.jar) and Spring parameter binding

While Spring has rapidly released 5.3.18 and 5.2.20 to patch the issue, applying the fix is still the customer's responsibility. There will also be many organizations out there running purchased applications that use the Spring framework without their knowledge. In that case, vendors need to rapidly reach out and inform them that they need to patch.
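As an added example (not part of the original post), the following script turns the checklist above into an inventory check: given the JDK version, the packaging, the servlet container and the jar names found in an application's `WEB-INF/lib`, it reports whether every listed precondition is met and, if not, which ones fail. The inputs in the test are constructed; the version cut-offs are the 5.2.20 and 5.3.18 fixes named in the post.

```python
import re

# First fixed release on each maintained line; everything below 5.2.20 on
# the 5.2 line, and every older line, counts as vulnerable per the post.
FIXED_5_2 = (5, 2, 20)
FIXED_5_3 = (5, 3, 18)

# Matches e.g. spring-webmvc-5.3.17.jar or spring-beans-5.2.19.RELEASE.jar
SPRING_JAR = re.compile(
    r"^(spring-(?:webmvc|webflux|beans))-(\d+)\.(\d+)\.(\d+)(?:\.RELEASE)?\.jar$"
)


def jdk_major(version: str) -> int:
    """Map a java.version string to its major number ('1.8.0_322' -> 8, '17.0.2' -> 17)."""
    parts = version.split(".")
    if parts[0] == "1":  # legacy 1.x naming used up to JDK 8
        return int(parts[1])
    return int(parts[0])


def spring_version_vulnerable(v: tuple) -> bool:
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and every older version."""
    if v < FIXED_5_2:
        return True
    return (5, 3, 0) <= v < FIXED_5_3


def assess(jdk_version: str, packaging: str, container: str, jars: list):
    """Return (all_preconditions_met, list_of_unmet_preconditions)."""
    versions = {}
    for name in jars:
        m = SPRING_JAR.match(name)
        if m:
            versions[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))

    unmet = []
    if jdk_major(jdk_version) < 9:
        unmet.append(f"JDK {jdk_version} is older than 9")
    if container.lower() != "tomcat":
        unmet.append(f"servlet container is {container}, not Tomcat")
    if packaging.lower() != "war":
        unmet.append(f"packaged as {packaging}, not WAR")

    web = {k: v for k, v in versions.items() if k in ("spring-webmvc", "spring-webflux")}
    if not web:
        unmet.append("no spring-webmvc or spring-webflux jar found")
    elif not any(spring_version_vulnerable(v) for v in web.values()):
        unmet.append("spring-webmvc/webflux is 5.2.20, 5.3.18 or later")
    if "spring-beans" not in versions:
        unmet.append("no spring-beans jar found")

    return (not unmet, unmet)


if __name__ == "__main__":
    # Constructed inventory of one deployment (assumed, not a real system).
    met, unmet = assess(
        "17.0.2", "war", "Tomcat",
        ["spring-webmvc-5.3.17.jar", "spring-beans-5.3.17.jar", "spring-core-5.3.17.jar"],
    )
    print("all preconditions met" if met else "unmet: " + "; ".join(unmet))
```

Treat a result of "not met" as reduced exposure rather than safety: Spring's own advisory noted that the listed preconditions describe the exploit that was reported, and that other ways to exploit the underlying issue may exist, so the fixed versions should be deployed regardless.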
WiJungle Unified Network Security Gateway with an active subscription can block the attack traffic related to this vulnerability.