spring4shell

Operational information regarding the Spring4Shell vulnerability (CVE-2022-22965) in the Spring Core Framework.

Repository contents

  • README.md: contains general information and detection and mitigation measures
  • software/README.md: contains a list of known vulnerable and not vulnerable software.

NCSC-NL has published a HIGH/HIGH advisory for the Spring4shell vulnerability. Normally we would update a HIGH/HIGH advisory for vulnerable software packages; however, due to the expected number of updates, we have created a list of known vulnerable software in the software directory.

Mitigation measures

Patches are available through Spring.io:

  • Spring Framework versions 5.3.18 and 5.2.20
  • Spring Boot versions 2.5.12 and 2.6.6
  • Tomcat versions 10.0.20, 9.0.62, and 8.5.78

Mitigation by vendors

| Vendor | Product | Type | Link |
|---|---|---|---|
| Cisco | AMP | Endpoint | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cisco | Secure Email | Mail protection | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cisco | Secure Firewall | IPS | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cisco | SNORT (SID 30790-30793, 59388, and 59416) | IDS/IPS | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cisco | Malware Analytics | Malware Analysis | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cisco | Secure Web Appliance | WAF | https://blog.talosintelligence.com/2022/03/threat-advisory-spring4shell.html |
| Cloudflare | WAF | WAF | https://blog.cloudflare.com/waf-mitigations-sping4shell/ |
| F5 | Big-IP | WAF | https://support.f5.com/csp/article/K24912123 |
| Fortinet | FortiGate | IPS | https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability |
| Fortinet | FortiSASE | IPS | https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability |
| Fortinet | FortiADC | IPS | https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability |
| Fortinet | FortiProxy | IPS | https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability |
| Fortinet | FortiAnalyzer | Outbreak Detection | https://www.fortiguard.com/outbreak-alert/spring4shell-vulnerability |
| PaloAltoNetworks | Next-Generation Firewall | IPS | https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ |
| Trend Micro | Cloud One | IPS | https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US |
| Trend Micro | Deep Discovery Inspector | IDS/IPS | https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US |

Detection

This table contains an overview of local scanning tools regarding the Spring4shell vulnerability and helps to find vulnerable software.

NCSC-NL has not verified the scanning tools listed below and therefore cannot guarantee their validity. However, NCSC-NL strives to provide scanning tools from reliable sources.

| Note | Links |
|---|---|
| jfrog Spring tools | https://github.com/jfrog/jfrog-spring-tools |
| Hilko Bengen - Local Spring vulnerability scanner | https://github.com/hillu/local-spring-vuln-scanner |
| Remco Verhoef - Spring4shell scanner | https://github.com/dtact/spring4shell-scanner |
| Tenable Nessus Spring4shell vulnerability scanner | https://www.tenable.com/blog/spring4shell-faq-spring-framework-remote-code-execution-vulnerability |
| Qualys Scanner/Cloud Agent | https://blog.qualys.com/vulnerabilities-threat-research/2022/03/31/spring-framework-zero-day-remote-code-execution-spring4shell-vulnerability |
| Nuclei Spring4shell template | https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-22965.yaml |

The following IPs were observed as scanning IPs for this vulnerability: Scanning IPs

Next to scanning tools, the following detection rulesets and queries can help to find exploitation/webshells in your network.

| Note | Links |
|---|---|
| Neo23x0s detection yara rules | https://github.com/Neo23x0/signature-base/blob/master/yara/expl_spring4shell.yar |
| West-wind Splunk queries | https://github.com/west-wind/Spring4Shell-Detection |

Contributions welcome

If you have any additional information to share relevant to the Spring4shell vulnerability, please feel free to open a Pull request. New to this? Read how to contribute in GitHub's documentation.

Contributors

sannemaasakkers, pbeij, vcartman, dev-ncsc-nl
