CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.975 High
Percentile: 100.0%
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965). Full Java source for the WAR is provided and modifiable; the WAR is rebuilt whenever the Docker image is built, and the built WAR is then loaded by Tomcat. There is nothing special about this application; it's a simple hello world based on the Spring tutorials.
Details: <https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities>
Having issues with the POC? Check out the LunaSec fork at <https://github.com/lunasec-io/Spring4Shell-POC>; it's more actively maintained.
docker build . -t spring4shell && docker run -p 8080:8080 spring4shell
python exploit.py --url "http://localhost:8080/helloworld/greeting"
cmd GET parameter for your commands. (http://localhost:8080/shell.jsp by default)
Fixed! As of this writing, the container (possibly just Tomcat) must be restarted between exploitations. I'm actively trying to resolve this.
Re-running the exploit will create an extra artifact file of {old_filename}_.jsp.
PRs/DMs @Rezn0k are welcome for improvements!
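A defender-side triage sketch for the artifacts this README describes (an added example, not part of the POC repository): it flags GET requests that pass a cmd parameter to a .jsp and pairs each JSP with the {old_filename}_.jsp copies left by re-runs. The log lines, the access-log layout and the function names are constructed for illustration, and following the _ suffix across more than one re-run is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common access-log layout (not captured traffic).
SAMPLE_LOG = """\
172.17.0.1 - - [01/Apr/2022:10:00:01 +0000] "GET /helloworld/greeting HTTP/1.1" 200 120
172.17.0.1 - - [01/Apr/2022:10:00:09 +0000] "GET /shell.jsp?cmd=id HTTP/1.1" 200 64
172.17.0.1 - - [01/Apr/2022:10:00:15 +0000] "GET /shell_.jsp?cmd=whoami HTTP/1.1" 200 48
172.17.0.1 - - [01/Apr/2022:10:00:20 +0000] "GET /shell.jsp HTTP/1.1" 404 0
172.17.0.1 - - [01/Apr/2022:10:00:31 +0000] "POST /helloworld/greeting HTTP/1.1" 400 0
"""

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')


def webshell_hits(log_text, param="cmd"):
    """Return (path, command, status) for GET requests to a .jsp carrying `param`."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query, keep_blank_values=True)
        if url.path.lower().endswith(".jsp") and param in query:
            hits.append((url.path, query[param][0], int(m["status"])))
    return hits


def rerun_artifacts(filenames):
    """Map each name.jsp to the name_.jsp, name__.jsp, ... copies found beside it."""
    names = set(filenames)
    pairs = {}
    for name in sorted(names):
        # Skip names that are themselves a suffixed copy of another file.
        if not name.endswith(".jsp") or name[:-4].endswith("_"):
            continue
        extra = []
        candidate = name[:-4] + "_.jsp"
        while candidate in names:  # assumption: each re-run appends one more "_"
            extra.append(candidate)
            candidate = candidate[:-4] + "_.jsp"
        if extra:
            pairs[name] = extra
    return pairs
```

Feed `rerun_artifacts` a directory listing of the Tomcat web root (for example from `os.listdir`); a 200 status in `webshell_hits` output means the JSP existed and answered.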
gist.github.com/esell/c9731a7e2c5404af7716a6810dc33e1a
github.com/lunasec-io/Spring4Shell-POC
github.com/reznok/Spring4Shell-POC