
1889 matches found

CISA
added 2022/04/01 12:00 a.m. | 97 views

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

Spring by VMware has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could explo...

CVSS 7.5 | AI score 2.3 | EPSS 0.99939
Exploits 136 | References 5
Vaadin
added 2022/04/01 12:00 a.m. | 79 views

Spring Core Remote Code Execution via Data Binding on JDK 9+

A remote code execution (RCE) vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...

CVSS 9.8 | AI score 0.6 | EPSS 0.99677
Exploits 100 | References 2
GithubExploit
added 2022/03/31 7:19 p.m. | 460 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 poc CVE-2022-22965 poc including reverse-shell...

CVSS 9.8 | AI score 9.1 | EPSS 0.99677
Exploits 100
RedhatCVE
added 2022/03/31 6:32 p.m. | 132 views

CVE-2022-22965

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 | AI score 8.4 | EPSS 0.99677
Exploits 100 | References 8
Github Security Blog
added 2022/03/31 6:30 p.m. | 1626 views

Remote Code Execution in Spring Framework

Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...

CVSS 9.8 | AI score 1.8 | EPSS 0.99677
Exploits 100 | References 18 | Affected Software 5
OSV
added 2022/03/31 6:30 p.m. | 11 views

GHSA-36P3-WJMG-H94X Remote Code Execution in Spring Framework

Spring Framework prior to versions 5.2.20 and 5.3.18 contains a remote code execution vulnerability known as Spring4Shell. Impact: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the...

CVSS 9.8 | AI score 7.4 | EPSS 0.99677
Exploits 100 | References 18
vulnersOsv
added 2022/03/31 6:30 p.m. | 9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +41106 more potentially affected by CVE-2022-22965 via org.springframework:spring-beans (>=1.2 <=5.2.1.RELEASE)

org.springframework:spring-beans MAVEN version =1.2, =1.1, =1.3, =0.0.1, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.51 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...

CVSS 9.8 | AI score 7.1 | EPSS 0.99677
Exploits 100
GithubExploit
added 2022/03/31 6:09 p.m. | 221 views

Exploit for Code Injection in Vmware Spring_Framework

Simple Spring4Shell POC: Check if end...

CVSS 9.8 | AI score 9 | EPSS 0.99677
Exploits 100
GithubExploit
added 2022/03/31 4:58 p.m. | 407 views

Exploit for Code Injection in Vmware Spring_Framework

SaferPoCCVE-2022-22965 A Safer PoC for CVE-2022-22965 Sprin...

CVSS 9.8 | AI score 9.2 | EPSS 0.99677
Exploits 100
GithubExploit
added 2022/03/31 4:14 p.m. | 330 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 aka "Spring4Shell" RCE vulnerability in Spri...

CVSS 9.8 | AI score 9 | EPSS 0.99939
Exploits 136
GithubExploit
added 2022/03/31 3:43 p.m. | 357 views

Exploit for Code Injection in Vmware Spring_Framework

Spring Framework RCE exploitation Quick pentest notes...

CVSS 9.8 | AI score 8.9 | EPSS 0.99677
Exploits 100
The Hacker News
added 2022/03/31 3:35 p.m. | 99 views

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts...

CVSS 9.8 | EPSS 0.99677
Exploits 100
Imperva Blog
added 2022/03/31 3:20 p.m. | 282 views

Imperva Protects from New Spring Framework Zero-Day Vulnerabilities

New zero-day Remote Code Execution (RCE) vulnerabilities were discovered in Spring Framework, an application development framework and inversion of control container for the Java platform. The vulnerability potentially leaves millions of applications at risk of compromise. In two separate...

CVSS 7.5 | AI score 1.7 | EPSS 0.99939
Exploits 160
GithubExploit
added 2022/03/31 3:01 p.m. | 322 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Exploit POC Exploit a Spring Application vulnera...

CVSS 9.8 | AI score 9.1 | EPSS 0.99677
Exploits 100
GithubExploit
added 2022/03/31 1:21 p.m. | 486 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 PoC Minimal example of how to reproduce CVE-20...

CVSS 9.8 | AI score 9.2 | EPSS 0.99677
Exploits 100
GithubExploit
added 2022/03/31 1:02 p.m. | 324 views

Exploit for Code Injection in Vmware Spring_Framework

spring-core-rce Spring Core RCE – Simple exploitation Can...

CVSS 9.8 | AI score 7 | EPSS 0.99677
Exploits 100
Akamai Blog
added 2022/03/31 1:00 p.m. | 18 views

Mitigating Spring Core “Spring4Shell” Zero-Day

When Spring, the Java-based application, fell victim to cyberattacks, Akamai's Adaptive Security Engine detected zero-day attacks and protected customers against them...

AI score 7
Exploits 0
GithubExploit
added 2022/03/31 12:41 p.m. | 260 views

Exploit for Code Injection in Vmware Spring_Framework

Spring Core RCE/CVE-2022-22965 Impacted versions: Spring fr...

CVSS 9.8 | AI score 7 | EPSS 0.99677
Exploits 100
Spring Security Advisories
added 2022/03/31 10:27 a.m. | 189 views

Spring Framework RCE, Early Announcement

Updates 04-13 "Data Binding Rules Vulnerability CVE-2022-22968" follow-up blog post published, related to the "disallowedFields" from the Suggested Workarounds 04-08 Snyk announces an additional attack vector for Glassfish and Payara. See also related Payara, upcoming release announcement 04-04...

CVSS 7.5 | AI score 8 | EPSS 0.99677
Exploits 102
Qualys Blog
added 2022/03/31 9:00 a.m. | 494 views

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

This page last updated: April 7th. A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell”, was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...

CVSS 7.5 | AI score 0.2 | EPSS 0.99939
Exploits 131