WlrmblogWALLARMLAB:9178CD01A603571D2C21329BF42F9BFDUpdate on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Quick update
- There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell (very severe, exploited in the wild no CVE yet) and another one in Spring Cloud Function (less severe, CVE-2022-22963)
- Wallarm has rolled out the update to detect and mitigate both vulnerabilities
- No additional actions are required from the customers when using Wallarm in blocking mode
- When working in a monitoring mode, consider creating a virtual patch
Spring4Shell
Spring Framework is an extremely popular framework used by Java developers to build modern applications. If you rely on the Java stack itβs highly likely that your engineering teams use Spring. In some cases, it only takes one specially crafted request to exploit the vulnerability.
On March 29th, 2022, information about the POC 0-day exploit in the popular Java library Spring Core appeared on Twitter. Later it turned out that itβs two RCEs that are discussed and sometimes confused:
- RCE in "Spring Core" (Severe, no patch at the moment) - Spring4Shell
- RCE in "Spring Cloud Function" (Less severe, see the CVE)
The vulnerability allows an unauthenticated attacker to execute arbitrary code on the target system. Within some configurations, it only requires a threat actor to send a specific HTTP request to a vulnerable system. Other configurations may require additional effort and research by the attacker
At the time of writing, Spring4Shell is unpatched in the Spring Framework and there is a public proof-of-concept available. We see exploits in the wild.
Wallarm update
Wallarm automatically identifies attempts of the Spring4Shell exploitation and logs these attempts in the Wallarm Console.
Mitigation
When using Wallarm in blocking mode, these attacks will be automatically blocked. No actions are required.
When using a monitoring mode, we suggest creating a virtual patch. Feel free to reach out to [email protected] if you need assistance.
The post Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963) appeared first on Wallarm.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P