750 matches found

Vulnrichment
added 2022/04/01 12:0 a.m., 8 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.6 AI score, 0.99939 EPSS
Exploits 36, References 6

Fortinet
added 2022/04/01 12:0 a.m., 332 views

CVE-2022-22965 and CVE-2022-22963 vulnerabilities

Two distinct Spring project vulnerabilities were released recently with critical CVSS score and classified as zero-day attacks. The two vulnerabilities are currently known as: CVE-2022-22965 or Spring4Shell: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remot...

7.5 CVSS, 8.5 AI score, 0.99939 EPSS
Exploits 131, Affected Software 1

CISA
added 2022/04/01 12:0 a.m., 97 views

Spring Releases Security Updates Addressing "Spring4Shell" and Spring Cloud Function Vulnerabilities

Spring by VMWare has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could explo...

7.5 CVSS, 2.3 AI score, 0.99939 EPSS
Exploits 136, References 5

ATTACKERKB
added 2022/04/01 12:0 a.m., 43 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. Recent assessments:...

9.8 CVSS, 9.5 AI score, 0.99939 EPSS
In wild, Exploits 36, References 7

Kitploit
added 2022/03/31 8:30 p.m., 21 views

Spring-Spel-0Day-Poc - Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP

spring-cloud/spring-cloud-function RCE EXP POC https://github.com/spring-cloud/spring-cloud-function header spring.cloud.function.routing-expression:Tjava.lang.Runtime.getRuntime.exec"open -a calculator.app" build wget...

7.4 AI score
Exploits 0, References 5

GithubExploit
added 2022/03/31 8:19 p.m., 399 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring CVE This includes CVE-2022-22963, a Spring SpEL / Expre...

9.8 CVSS, 9.2 AI score, 0.99939 EPSS
Exploits 131

Akamai Blog
added 2022/03/31 7:30 p.m., 375 views

Spring Cloud Function SpEL Injection (CVE-2022-22963) Exploited in the Wild

Although Spring Cloud Functions are not as widespread as the Log4j library, and should provide a good separation from the hosting server, some draw the line between the two, due to the ease of exploitation over HTTP/s. This new vulnerability will definitely result in many threat actors launching...

9.8 CVSS, 2.3 AI score, 0.99939 EPSS
Exploits 36

RedhatCVE
added 2022/03/31 6:32 p.m., 120 views

CVE-2022-22963

A flaw was found in Spring Cloud Function via the spring.cloud.function.routing-expression header that is modified by the attacker to contain malicious expression language code. The attacker is able to call functions that should not normally be accessible, including runtime exec calls. Mitigation...

9.8 CVSS, 4.8 AI score, 0.99939 EPSS
Exploits 36, References 5

Metasploit
added 2022/03/31 5:42 p.m., 293 views

Spring Cloud Function SpEL Injection

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8 CVSS, 9.5 AI score, 0.99939 EPSS
Exploits 36

GithubExploit
added 2022/03/31 2:32 p.m., 71 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function Vulnerability CVE-2022-22963 Vulnerabl...

9.8 CVSS, 8.5 AI score, 0.99939 EPSS
Exploits 36

GithubExploit
added 2022/03/31 11:14 a.m., 263 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

9.8 CVSS, 9.6 AI score, 0.99939 EPSS
Exploits 36

Veracode
added 2022/03/31 1:51 a.m., 135 views

Remote Code Execution

spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely...

9.8 CVSS, 4.7 AI score, 0.99939 EPSS
Exploits 36, References 7, Affected Software 2

0day.today
added 2022/03/31 12:0 a.m., 329 views

Spring Cloud Function SpEL Injection Exploit

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8 CVSS, 0.6 AI score, 0.99939 EPSS
Exploits 36

Packet Storm
added 2022/03/31 12:0 a.m., 382 views

Spring Cloud Function SpEL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Function SpEL Injection', 'Description' = %q Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code...

0.2 AI score, 0.99939 EPSS
Exploits 36

Tenable Nessus
added 2022/03/31 12:0 a.m., 417 views

Spring Cloud Function SPEL Expression Injection (direct check)

Binary data springcloudCVE-2022-22963.nbin...

9.8 CVSS, 9.9 AI score, 0.99939 EPSS
Exploits 36, References 4

Check Point Advisories
added 2022/03/31 12:0 a.m., 21 views

Spring Cloud Function Remote Code Execution (CVE-2022-22963)

A remote code execution vulnerability exists in Spring Cloud Function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5 CVSS, 5.6 AI score, 0.99939 EPSS
Exploits 36

BDU FSTEC
added 2022/03/31 12:0 a.m., 6 views

The vulnerability of the Spring module routing mechanism, which facilitates business logic through Spring Cloud Function services, allows attackers to gain unauthorized access to local resources or cause service failures.

The vulnerability of the Spring module routing mechanism for promoting business logic using Spring Cloud Function is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to...

6.4 CVSS, 7.8 AI score, 0.99939 EPSS
Exploits 36, References 3, Affected Software 1

Tenable Nessus
added 2022/03/31 12:0 a.m., 53 views

Spring Cloud Function < 3.1.7 / 3.2.X < 3.2.3 Remote Code Execution

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in access to local resources. No source data...

9.8 CVSS, 9.4 AI score, 0.99939 EPSS
Exploits 36, References 3

GithubExploit
added 2022/03/30 11:33 p.m., 8 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

springclo...

10 CVSS, 7.1 AI score, 0.98253 EPSS
Exploits 54

GithubExploit
added 2022/03/30 7:7 p.m., 305 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

PoC exploit for CVE-2022-22963, a Spring Core 0day vulnerability...

9.8 CVSS, 9.9 AI score, 0.99939 EPSS
Exploits 36