A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Vulnerable Product |
---|
vmware spring framework |
cisco cx cloud agent |
oracle sd-wan edge 9.0 |
oracle retail xstore point of service 20.0.1 |
oracle communications cloud native core security edge protection proxy 1.7.0 |
oracle financial services analytical applications infrastructure 8.1.1 |
oracle sd-wan edge 9.1 |
siemens siveillance identity 1.6 |
siemens siveillance identity 1.5 |
siemens sipass integrated 2.85 |
siemens sipass integrated 2.80 |
oracle product lifecycle analytics 3.6.1 |
oracle financial services enterprise case management 8.1.1.0 |
oracle financial services enterprise case management 8.1.1.1 |
oracle financial services behavior detection platform 8.1.2.0 |
oracle financial services behavior detection platform 8.1.1.1 |
oracle financial services behavior detection platform 8.1.1.0 |
oracle communications cloud native core console 1.9.0 |
oracle communications cloud native core policy 1.15.0 |
oracle communications cloud native core unified data repository 1.15.0 |
oracle communications cloud native core unified data repository 22.1.0 |
oracle communications cloud native core security edge protection proxy 22.1.0 |
oracle communications cloud native core policy 22.1.0 |
oracle communications cloud native core network slice selection function 1.8.0 |
oracle communications cloud native core network slice selection function 22.1.0 |
oracle communications cloud native core network repository function 1.15.0 |
oracle communications cloud native core network repository function 22.1.0 |
oracle communications cloud native core network function cloud native environment 22.1.0 |
oracle communications cloud native core network function cloud native environment 1.10.0 |
oracle communications cloud native core network exposure function 22.1.0 |
oracle communications cloud native core console 22.1.0 |
oracle communications cloud native core automated test suite 22.1.0 |
oracle communications cloud native core automated test suite 1.9.0 |
oracle retail xstore point of service 21.0.0 |
oracle financial services enterprise case management 8.1.2.0 |
oracle financial services analytical applications infrastructure 8.1.2.0 |
oracle communications policy management 12.6.0.0.0 |
oracle mysql enterprise monitor |
oracle communications cloud native core network slice selection function 1.15.0 |
siemens operation scheduler |
veritas access appliance 7.4.3 |
veritas access appliance 7.4.3.100 |
veritas access appliance 7.4.3.200 |
veritas netbackup virtual appliance 4.0.0.1 |
veritas netbackup virtual appliance 4.1.0.1 |
veritas netbackup appliance 4.0.0.1 |
veritas netbackup appliance 4.1.0.1 |
veritas netbackup flex scale appliance 2.1 |
veritas netbackup flex scale appliance 3.0 |
veritas netbackup virtual appliance 4.0 |
veritas netbackup virtual appliance 4.1 |
veritas netbackup appliance 4.0 |
veritas netbackup appliance 4.1 |
veritas flex appliance 1.3 |
veritas flex appliance 2.0 |
veritas flex appliance 2.0.1 |
veritas flex appliance 2.0.2 |
veritas flex appliance 2.1 |

IT threat evolution in Q1 2022
IT threat evolution in Q1 2022. Non-mobile statistics
IT threat evolution in Q1 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q1 2022:
Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.
...
The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks.
Spring4Shell is a
tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development platform.
Spring released emergency updates to
a few days after its discovery, but threat actors' exploitation of vulnerable deployments was already underway.
While...
Roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors, according to statistics from one cybersecurity company.
The exploitation attempts took place in the first four days since the disclosure of the severe remote code execution (RCE) flaw, tracked as CVE-2022-22965, and the associated exploit code.
According to Check Point, who compiled the report based on their telemetry data, 37,000 Sp...
Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity. By analogy with the infamous Log4Shell threat, the vulnerability was named Spring4Shell.
CVE-2022-22965 and CVE-2022-22963: technical details
CVE-2022-22965 (Spring4Shell, SpringShell) is a vulne...
Symantec products will protect against attempted exploits of Spring4Shell vulnerability.
Posted: 31 Mar, 2022
Spring4Shell: New Zero-day RCE Vulnerability Uncovered in Java Framework
A zero-day vulnerability in the Spring Core Java framework that could allow for unauthenticated remote code execution (RCE) on vulnerable applications was publicly disclosed on March 30, before a patch wa...
Trend Micro says vulnerable systems in Singapore have been compromised
There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet.
The Mirai malware is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things (IoT) devices such as IP cameras and routers into a botnet that can then be used in such campaigns as dist...
Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.
The
(tracked as CVE-2022-22965) impacts the Spring Framework, described as the "most widely used lightweight open-source framework for Java."
"Microsoft regularly monitors attacks against our cloud infrastructure and services to defend them better," the Microsoft 365 Defen...
VMware has published security updates for the critical remote code execution vulnerability known as Spring4Shell, which impacts several of its cloud computing and virtualization products.
A list of VMware products affected by Spring4Shell is available in an advisory from the company. Where a fix is not available, VMware released a workaround as a temporary solution.
At this time, it is critically important to follow the advice provided in the security bulletin, as Spring4Shell is an ...
Spring released emergency updates to fix the 'Spring4Shell' zero-day remote code execution vulnerability, which leaked prematurely online before a patch was released.
Yesterday, an exploit for a zero-day
dubbed 'Spring4Shell' was briefly published on GitHub and then removed.
However, as nothing stays hidden on the Internet, the code was quickly shared in other repositories and tested by security researchers, who confirmed it was a legitimate exploit for a new vulner...
April bundle addresses 100-plus vulnerabilities including 10 critical RCEs
Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed.
In total, the Redmond giant patched a whopping 128 bugs today, including 10 critical remote code execution (RCE) vulnerabilities.
First, though: CVE-2022-24521, which NSA and CrowdStrike security researchers reported to Microsoft, is under active exploitation. It's an elevation-of-privilege vulnerability, and it occurs in the Windows Comm...