• Life at Kasada
  • Book a call
Use cases
  • Account Takeover
  • API Protection
  • CAPTCHA Alternative
  • Content scraping
  • Checkout Fraud
  • Fake Account Creation
  • GenAI Abuse
Industries
  • Airlines
  • eCommerce & Retail
  • Energy & Utilities
  • Financial Services & FinTech
  • Media, Entertainment & Gaming
  • SaaS & Internet
  • Travel & Hospitality
Retooling:

How Attackers Bypass Traditional Bot Management

Learn more
Kasada Bot DefenseStop sophisticated bots, scrapers, and automated attacks before they impact your businessKasada Account IntelligenceDetect coordinated fraud and repeat abuse hiding across accounts, sessions, and devices.Kasada AI Agent TrustVerify AI agent and control what crawlers, bots, and agents can access.KasadaIQ for FraudSee warning signs before fraud occurs. Prevent bot attacks on your business logic and customer data. Know that Kasada is listening to millions of signals and safeguarding your business.
One platform. One detection engine. Four connected capabilities.
Life at Kasada
Resources
  • Blog
  • Case Studies
  • Reports
  • Events
  • Infographics
  • Videos
  • Data Sheets
Kasada Introduces Account Intelligence to Address a Gap in Fraud PreventionKasada Introduces Account Intelligence to Address a Gap in Fraud PreventionAI agent trust: What to allow, what to block, and what to prepare forAI agent trust: What to allow, what to block, and what to prepare for

Take the next step to stopping threats now.

Loading form...

Solutions
  • Account Takeover
  • API Protection
  • CAPTCHA Alternative
  • Checkout Fraud
  • Content Scraping
  • Fake Account Creation
Contact
  • Contact Us
  • Check My Site
  • Book a Call
  • Become a Partner
  • Support
Resources
  • Blog
  • Case Studies
  • Data Sheets & Reports
  • Events & Webinars
  • Infographics
  • Integration
  • Compliance
Company
  • Life at Kasada
  • Join Our Team
  • About Us
Blog

Spring4Shell Zero-Day Vulnerability: Why Wait on WAF


A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, has been identified.

KasadaIQMarch 31, 2022
  • Spring4Shell CVE-2022-22965
  • Automated Scans to Exploit Spring4Shell
  • Detecting Malicious Scanners
  • Summary

Spring4Shell CVE-2022-22965

A newly disclosed remote code execution vulnerability in Spring Core, a widely used Java framework, has been identified. Exploitation of CVE-2022-22965 has been confirmed as a means of enabling unauthenticated remote code execution on applications.

Similar to the recent zero-day vulnerability identified with Log4j CVE-2021-44228, and other events, including Heartbleed and Shellshock from the prior decade, the effects on the cybersecurity industry have been felt as new open-source vulnerabilities continue to be identified. These events require organizations to scramble in order to determine the potential impact of the vulnerability within their company and subsequently identify the quickest path for remediation.

While the full extent of Spring4Shell isn’t fully understood as of yet, it doesn’t appear to have the same level of widespread impact as the recent Log4j event. But for those organizations that are impacted, it represents an attack surface that’s challenging to defend against until software patches or firewall rules are made available.

Automated Scans to Exploit Spring4Shell

As Kasada researchers observed with Log4j, adversaries quickly leverage the scale gained from automated vulnerability scanner tools to test thousands of URLs to identify which systems haven’t been patched and make for an easy target. Spring4Shell is no exception. Once the zero-day was public on Wednesday, March 30th, Kasada quickly detected automated exploit attempts against several of our customers.

Spring4Shell Zero Day Vulnerability

Want to learn more?

  • AI Agents Just Broke The Funnel. Forrester's Recent Research Says Security And Marketing Have To Fix It Together

    AI Agents Just Broke The Funnel. Forrester's Recent Research Says Security And Marketing Have To Fix It Together

    The "block all bots" era is over. Read our breakdown of Forrester's latest research on why marketing and security must join forces to survive the new wave of AI agents.

    Read more
  • Top Threats We're Tracking in April

    Top Threats We're Tracking in April

    KasadaIQ analyst commentary on the threat environment

The figure above shows the volume of automated Spring4Shell exploitation attempts across Kasada customers immediately following its discovery.

Detecting Malicious Scanners

Kasada has deep expertise in detecting the presence of automation. Kasada’s invisible, client-side interrogation methods for automation detection actively blocks malicious vulnerability scanners aimed towards exploiting zero-day vulnerabilities like Spring4Shell – in real-time without requiring specific knowledge of the vulnerability itself.

Being able to reduce the risk during the “scan-to-exploit” phase of a zero-day vulnerability event is critical as there are limited options available until software and firewall patches are made available that are specific to the application.

Summary

Applying application-agnostic defenses that are able to detect and stop automated threats, in real-time, serves as an important defense layer when used in concert with Web Application Firewall (WAF) rule updates and application software upgrades.

As recently learned during Log4j, and now Spring4Shell, a layer of online defense against malicious scanning tools helps businesses better prepare for the initial scan-to-exploit phase of a zero-day event before the vulnerability can be contained through patching. Thus reducing the overall risk exposure to such events.

Request a demo to learn how our simple and modern approach stops the bot attacks others can’t and provides a defensive layer against automated threats and zero-day vulnerabilities.

Read more

Defeats threats,
not your customersDefeats threats,
not your customers

Start deploying today