Spring4Shell CVE-2022-22965
A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, has been identified. Exploitation of CVE-2022-22965 has been confirmed as a means of enabling unauthenticated remote code execution on applications.
Similar to the recent zero-day vulnerability identified with Log4j CVE-2021-44228, and other events, including Heartbleed and Shellshock from the prior decade, the effects on the cybersecurity industry have been felt as new open-source vulnerabilities continue to be identified. These events require organizations to scramble in order to determine the potential impact of the vulnerability within their company and subsequently identify the quickest path for remediation.
While the full extent of Spring4Shell isn’t fully understood as of yet, it doesn’t appear to have the same level of widespread impact as the recent Log4j event. But for those organizations that are impacted, it represents an attack surface that’s challenging to defend against until software patches or firewall rules are made available.
Automated Scans to Exploit Spring4Shell
As Kasada researchers observed with Log4j, adversaries quickly leverage the scale gained from automated vulnerability scanner tools to test thousands of URLs to identify which systems haven’t been patched and make for an easy target. Spring4Shell is no exception. Once the zero-day was public on Wednesday, March 30th, Kasada quickly detected automated exploit attempts against several of our customers.


