Posts

Showing posts from April, 2022

Spring4Shell Vulnerability (CVE-2022-22965)

Spring is one of the most popular and most widely used Java frameworks – ~70% of all Java applications use it – so any security issue found in its core functionalities means bad news for a lot of people. Hence the high level of attention paid by the entire cyber industry. Exploitation of the newly discovered vulnerability in the popular Java Spring framework, dubbed Spring4Shell, will allow an attacker to remotely execute arbitrary code on the target server, usually with permissions equivalent to those of the vulnerable web server itself. A successful attack might allow a user to access all website internal data, including possible access to any connected database. It may also allow an attacker to access additional internal resources to gain more permissions or to pivot to other parts of the internal network. Spring4Shell: A confirmed RCE in Spring Core <=5.3.17. CVE added (3/31/2022): CVE-2022-22965 - RCE in "Spring Core"