[MART] - Daily Diary #489 - Spring4Shell Vulnerability Explored In The Wild

CTAS-MAT ctas-mat at appgate.com
Mon Apr 11 23:01:45 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

04/11/2022 - Diary entry #489:

On March 31 this year, a remote code execution (RCE) vulnerability was disclosed affecting another Java-based application logging library. Tracked as CVE-2022-22965 and named Spring4Shell, it affects any system running JDK 9.0 or later with Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.

Before the vulnerability became public, some activity exploiting it, such as webshells, had already been spotted. Less than one day later, a variant of the Mirai botnet, already covered in many of our Daily Diaries, was observed targeting Spring4Shell on vulnerable systems to download and execute the malware.

Since Spring4Shell is as easy to exploit as Log4Shell (covered in Daily Diary #414), it was only a matter of time before threat actors began exploiting it on a large scale. Spring4Shell also has a huge attack surface, with some estimates saying that 16% of organizations around the world, especially in the software industry, were impacted.

Therefore, we recommend that all organizations using Java applications keep their systems up to date and perform frequent pentest/red team assessments to prepare for and protect against real-life scenarios.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
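
As an added example (not part of the original message or Appgate's tooling), the following inventory triage flags Spring Framework jars that fall inside the version ranges stated in the entry, and only when the runtime is JDK 9 or later. The jar naming pattern, module list, function names and sample paths are assumptions made for illustration; a match means "review and patch", not proof of exploitability.

```python
import re

# Affected ranges exactly as the diary entry states them: JDK 9 or later with
# Spring Framework 5.3.0-5.3.17, 5.2.0-5.2.19, and earlier versions.
LAST_AFFECTED_PATCH = {(5, 3): 17, (5, 2): 19}

# Only Spring Framework module jars (assumed naming: spring-<module>-<ver>.jar).
# spring-boot-* and spring-security-* follow their own version lines and must
# not be compared against these ranges.
JAR_RE = re.compile(
    r"(?:^|[/\\])spring-(?:core|beans|web|webmvc|webflux)-"
    r"(\d+)\.(\d+)\.(\d+)[^/\\]*\.jar$"
)

def java_major(version):
    """Map '1.8.0_321' to 8 (legacy scheme) and '11.0.14' or '17' to 11, 17."""
    parts = re.split(r"[._+-]", version.strip())
    major = int(parts[0])
    return int(parts[1]) if major == 1 and len(parts) > 1 else major

def spring_affected(major, minor, patch):
    """True if the version is inside the ranges quoted from the entry."""
    if (major, minor) in LAST_AFFECTED_PATCH:
        return patch <= LAST_AFFECTED_PATCH[(major, minor)]
    return (major, minor) < (5, 2)  # "and earlier versions"

def scan(jar_paths, java_version):
    """Return (path, version) for jars inside the stated affected ranges."""
    if java_major(java_version) < 9:
        return []  # the entry limits exposure to JDK 9 or later
    findings = []
    for path in jar_paths:
        m = JAR_RE.search(path)
        if m and spring_affected(*map(int, m.groups())):
            findings.append((path, ".".join(m.groups())))
    return findings

# Constructed sample inventory (not taken from any real host).
SAMPLE_JARS = [
    "/opt/app/lib/spring-beans-5.3.17.jar",
    "/opt/app/lib/spring-core-5.3.18.jar",
    "/srv/legacy/WEB-INF/lib/spring-webmvc-5.2.19.RELEASE.jar",
    "/srv/legacy/WEB-INF/lib/spring-beans-4.3.30.RELEASE.jar",
    "/opt/app/lib/spring-boot-2.6.5.jar",
    "/opt/app/lib/spring-security-core-5.6.2.jar",
]

if __name__ == "__main__":
    for path, version in scan(SAMPLE_JARS, "11.0.14"):
        print(f"REVIEW {version:8} {path}")
```
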

