Categories: Business

Critical Alert: Spring Core(SpringShell) Remote Code Execution Vulnerability Exploited In The Wild

Critical Alert: Spring Core(SpringShell) Remote Code Execution Vulnerability Exploited In The Wild

The Spring Framework is an application framework and inversion of the control container for the Java platform developed by VMware. CVE-2022-22965 affects Spring Core and allows an attacker to send a specially crafted HTTP request to bypass protections in the library’s HTTP request parser, leading to remote code execution. Multiple proof of concepts (POCs) have been published and are being used for active exploitation. The vulnerability is called “Spring4Shell” or “SpringShell”.

 

 

The developers of Spring have stated that for successful exploitation to happen, the following conditions have to be met:

 

Spring MVC and Spring WebFlux applications running on Java version JDK9+
The applications are running on Tomcat as a WAR deployment
While the above two conditions are what’s required, the scope of the exploit is more general. This implies that there is a chance for other exploit vectors to be present.

Impact

A malicious user could exploit this Remote Code Execution vulnerability to gain unauthorized access to the server, steal user data, and cause undesirable side effects on the vulnerable machine.

Affected Products

Spring Framework versions 5.3.0 to 5.3.17 and versions 5.2.0 to 5.2.19

Solution

The Spring Developers have released the security update for this vulnerability in versions 5.2.20+ and 5.3.18+. It is recommended that all users upgrade to the latest applicable patched versions ASAP. For users who cannot upgrade their Spring framework, the developers have suggested the following workarounds:

  • Upgrading Tomcat

    Provides adequate protection, but is only a temporary fix until users upgrade their Spring Frameworks.

  • Downgrading to Java 8

    Internal research has shown that this mitigation provides no guaranteed results. If users opt for this, it is suggested to check for the vulnerability once Java 8 is up and running.

  • Set disallowed Fields

    Set disallowedFields on WebDataBinder globally. This works generally, but as a centrally applied workaround fix, may leave some loopholes, in particular, if a controller sets disallowedFields locally through its own @InitBinder method, which overrides the global setting

snehal

Leave a Comment
Share
Published by
snehal
3 years ago

Recent Posts

4 SEO expert to share key actions to raise client satisfaction

4 SEO expert to share key actions to raise client satisfaction As we know SEO…

2 years ago

Google releases a core algorithm update for September 2022.

By : Nidhi Arora Google releases a core algorithm update for September 2022. Yes! You…

2 years ago

Top Online Payment Gateway Providers For E-commerce Website

By : Tanvi Karkare Top Online Payment Gateway Providers For E-commerce Website Payments have been…

2 years ago

Psychological Digital Marketing Tips To Redefine Your Strategy

By : Tanvi Karkare Psychological Digital Marketing Tips To Redefine Your Strategy Human mind is…

2 years ago

Dangers of using public wi-fi

By : Tanvi Karkare Wireless Networking technology, better known as Wi-Fi; has been a revolutionary…

2 years ago

How to use content marketing effectively to promote your business?

By : Swati Patil /*! elementor - v3.6.8 - 27-07-2022 */ .elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading…

2 years ago