Exploit for Code Injection in Vmware Spring_Framework
This is a PoC exploit for CVE-2022-22965, a remote code executio...
Spring Core Remote Code Execution via Data Binding on JDK 9+
A remote code execution (RCE) vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +11850 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=1.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-web MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.0.12, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =1.4.2, =1.6.6, =j8.2.2.0, =j8.2.2.0, =Finchley.SR2.SR1, =Finchley.SR4, =Greenwich.SR2.1 and more Source cves: CVE-2022-22965 Source advisory:...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +2343 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=2.6.0 <=2.6.5)
org.springframework.boot:spring-boot-starter-web MAVEN version =2.6.0, =4.4.0.2, =j11.2.6.0, =1.2.5.RELEASE, =0.1.2, =5.7.7, =5.7.7, =5.7.7, =1.0.0, =1.0.2, =1.0.0, =3.1.305, =3.1.305, =3.1.313 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
Remote Code Execution in Spring Framework
Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http...
ai.ylyue:yue-library-webflux (=j11.2.6.0), ca.gc.cyber.ops:assemblyline-java-client (>=1.7 <=1.8) +544 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.6.0 <=2.6.5)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.6.0, =1.7, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =0.2.2, =1.1.3, =1.1.3, =3.12.0, =5.1.1-jdk1.8, =5.1.1-jdk1.8, =5.1.2-jdk1.8 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 aka "Spring4Shell" RCE vulnerability in Spri...
Directory Traversal
spring-boot is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of access rights allowing an attacker to write to an embedded web server...
VMware Spring Boot / Spring Framework Detection (HTTP)
HTTP based detection of VMware Spring Boot and the Spring Framework. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Spring Framework < 5.2.20 / 5.3.x < 5.3.18 Remote Code Execution (CVE-2022-22965)
The remote host contains a Spring Framework library version that is prior to 5.2.20 or 5.3.x prior to 5.3.18. It is, therefore, affected by a remote code execution vulnerability: - A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data...
CVE-2022-27772
spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that...
Directory traversal
UNSUPPORTED WHEN ASSIGNED spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects...
CVE-2022-27772
CVE-2022-27772 : Spring Boot before v2.2.11.RELEASE is vulnerable to temporary directory hijacking via the method org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir. A local attacker could leverage this to escalate privileges or take over the application, as de...
PT-2022-18576 · Spring +2 · Spring Boot +2
Name of the Vulnerable Software and Affected Versions: spring-boot versions prior to version v2.2.11.RELEASE Description: The issue is related to temporary directory hijacking, impacting the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. This...