Zero-Day vulnerability CVE-2022-22965 in Spring Framework

A zero-day remote code execution vulnerability of critical severity has been identified as CVE-2022-22965, also known as Spring4Shell or SpringShell, in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older.

The Spring Framework is a popular, feature-rich, open-source application framework for building modern enterprise Java web applications. Publicly available exploits for such a widely used framework make this vulnerability very dangerous.

Why is the CVE-2022-22965 “Spring4Shell” vulnerability so dangerous?

Vulnerable Spring Framework, Spring MVC, or Spring WebFlux applications running on JDK 9 or higher are prone to remote code execution via data binding. The flaw stems from improper handling of Java class properties during request data binding, which allows class injection. Combined with HTTP input binding, a specially crafted HTTP request can lead to remote code execution and compromise of the Spring Java application without requiring authentication.

According to the vendor advisory, “If the application is deployed as a Spring Boot executable jar, i.e., the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.”

Affected Software and Versions

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
  • Spring-webmvc or Spring-webflux dependency
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

Mitigation of “Spring4Shell”

  • Immediately update to Spring Framework 5.3.18 or 5.2.20, or a later version.
  • Please refer to our Vendor Advisory.
  • Update network security solutions and endpoints with the latest definitions.
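As an added triage example (not Quick Heal's or the Spring project's code), the following Python encodes the affected versions and the four deployment conditions listed above so that an inventory of deployments can be checked offline; the deployment records and JAR file names are constructed inputs.

```python
# Exposure triage for CVE-2022-22965 (Spring4Shell): encodes the affected
# versions and deployment preconditions listed above. Added example, not
# Quick Heal's or the Spring project's code; sample deployments are constructed.
import re
from dataclasses import dataclass

FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}  # fixed releases per the advisory
JAR_RE = re.compile(r"spring-(?:webmvc|webflux)-(\d+\.\d+\.\d+)")  # WEB-INF/lib names

def parse_version(v):
    """'5.2.19.RELEASE' -> (5, 2, 19); qualifiers are ignored, missing parts are 0."""
    nums = [int(x) for x in re.findall(r"\d+", v)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def framework_vulnerable(version):
    """True for 5.3.0-5.3.17, 5.2.0-5.2.19 and anything older than 5.2."""
    v = parse_version(version)
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    return v < (5, 2, 0)  # lines newer than 5.3 already carry the fix

def recommended_fix(version):
    """Upgrade target: the fixed release on the same minor line, else 5.3.18."""
    return ".".join(map(str, FIXED.get(parse_version(version)[:2], FIXED[(5, 3)])))

@dataclass
class Deployment:
    jdk_major: int
    servlet_container: str  # e.g. "tomcat"
    packaging: str          # "war" or "boot-jar"
    web_jars: list          # WEB-INF/lib file names

def assess(dep):
    """Return (exposed, unmet_preconditions) for the known exploit path.
    All four advisory conditions must hold; the vendor cautions that other
    paths may exist, so False here is not a clean bill of health."""
    found = [m.group(1) for jar in dep.web_jars for m in [JAR_RE.search(jar)] if m]
    checks = {
        "JDK 9 or higher": dep.jdk_major >= 9,
        "Apache Tomcat as servlet container": dep.servlet_container.lower() == "tomcat",
        "packaged as traditional WAR": dep.packaging.lower() == "war",
        "affected spring-webmvc/webflux version": any(map(framework_vulnerable, found)),
    }
    return all(checks.values()), [name for name, ok in checks.items() if not ok]

# Constructed sample deployments: same library version, different packaging.
EXPOSED_WAR = Deployment(11, "tomcat", "war", ["spring-webmvc-5.3.17.jar", "spring-core-5.3.17.jar"])
BOOT_JAR = Deployment(17, "tomcat", "boot-jar", ["spring-webmvc-5.3.17.jar"])
```

Run `assess()` over each inventoried deployment; the returned list names which advisory conditions did not hold, which is what to verify by hand before marking a host as out of scope.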

CVE-2022-22963, a remote code execution vulnerability, has also been identified in the routing functionality of Spring Cloud Function versions 3.1.6, 3.2.2, and older. Attackers can exploit it by sending crafted SpEL routing expressions that result in remote code execution. Users of affected versions should upgrade to 3.1.7 or 3.2.3.

Quick Heal coverage for “Spring4Shell”

We have released IPS rules to identify and block remote attacks exploiting Spring4Shell and other vulnerabilities. We will continue monitoring developments around this threat and updating our detections. We advise our customers to patch their systems promptly and keep their anti-virus software updated with the latest VDB updates.

Source
