← volver
CVE-2022-22965

CVE-2022-22965

CVSS 9.8 CRITICALEPSS 99.7%● KEVCWE-94
En resumen

Una vulnerabilidad en aplicaciones Spring MVC/WebFlux permite a atacantes ejecutar código arbitrario en el servidor a través de vinculación de datos en Java 9+. El riesgo es crítico cuando la aplicación se ejecuta en Tomcat como archivo WAR.

Detalle técnico

CVE-2022-22965 explota vinculación insegura de datos en Spring Framework en entornos JDK 9+, permitiendo ejecución remota de código mediante entrada maliciosa en endpoints Spring MVC/WebFlux. El ataque requiere implementación como WAR en Tomcat; las implementaciones JAR de Spring Boot no se ven afectadas. La explotación exitosa otorga a atacantes capacidad completa de ejecución remota de código sin autenticación.

Resumen generado y traducido por IA a partir de la descripción oficial.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · Spring Framework
PoCs públicas encontradas100
githubgithub.com/BobTheShoplifter/Spring4Shell-POC377githubgithub.com/reznok/Spring4Shell-POC324githubgithub.com/tpt11fb/SpringVulScan154githubgithub.com/TheGejr/SpringShell131githubgithub.com/zangcc/CVE-2022-22965-rexbb102githubgithub.com/alt3kx/CVE-2022-22965101githubgithub.com/SecNN/SpringFramework_CVE-2022-22965_RCE72githubgithub.com/4nth0ny1130/spring4shell_behinder63githubgithub.com/Mr-xn/spring-core-rce50githubgithub.com/FourCoreLabs/spring4shell-exploit-poc44githubgithub.com/colincowie/Safer_PoC_CVE-2022-2296544githubgithub.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce39githubgithub.com/Kirill89/CVE-2022-22965-PoC32githubgithub.com/k3rwin/spring-core-rce28githubgithub.com/liangyueliangyue/spring-core-rce26githubgithub.com/p1ckzi/CVE-2022-2296523githubgithub.com/DDuarte/springshell-rce-poc19githubgithub.com/alt3kx/CVE-2022-22965_PoC17githubgithub.com/Bouquets-ai/CVE-2022-22965-GUItools17githubgithub.com/wjl110/CVE-2022-22965_Spring_Core_RCE16githubgithub.com/itsecurityco/CVE-2022-2296516githubgithub.com/me2nuk/CVE-2022-2296514githubgithub.com/viniciuspereiras/CVE-2022-22965-poc13githubgithub.com/fracturelabs/go-scan-spring12githubgithub.com/zer0yu/CVE-2022-2296512githubgithub.com/gpiechnik2/nmap-spring4shell8githubgithub.com/sunnyvale-it/CVE-2022-22965-PoC7githubgithub.com/Wrin9/CVE-2022-229657githubgithub.com/GuayoyoCyber/CVE-2022-229656githubgithub.com/wikiZ/springboot_CVE-2022-229656githubgithub.com/mariomamo/CVE-2022-229655githubgithub.com/nu0l/CVE-2022-229654githubgithub.com/Loneyers/Spring4Shell4githubgithub.com/khidottrivi/CVE-2022-229654githubgithub.com/wshon/spring-framework-rce4githubgithub.com/iloveflag/Fast-CVE-2022-229654githubgithub.com/netcode/Spring4shell-CVE-2022-22965-POC3githubgithub.com/likewhite/CVE-2022-229653githubgithub.com/0xrobiul/CVE-2022-229653githubgithub.com/CalumHutton/CVE-2022-22965-PoC_Payara3githubgithub.com/BKLockly/CVE-2022-229653githubgithub.com/twseptian/cve-2022-229652githubgithub.com/D1mang/Spring4Shell-CVE-2022-229652githubgithub.com/LudovicPatho/CVE-2022-22965_Spring4Shell2githubgithub.com/irgoncalves/irule-cve-2022-229652githubgithub.com/rwincey/spring4shell-CVE-2022-229652githubgithub.com/datawiza-inc/spring-rec-demo2githubgithub.com/bL34cHig0/Telstra-Cybersecurity-Virtual-Experience-2githubgithub.com/fracturelabs/spring4shell_victim2githubgithub.com/jakabakos/CVE-2022-22965-Spring4Shell2githubgithub.com/Snip3R69/spring-shell-vuln1githubgithub.com/cxzero/CVE-2022-22965-spring4shell1githubgithub.com/gokul-ramesh/Spring4Shell-PoC-exploit1githubgithub.com/lcarea/CVE-2022-229651githubgithub.com/mylo-2001/GhostStrike1githubgithub.com/helsecert/CVE-2022-229651githubgithub.com/Joe1sn/CVE-2022-229651githubgithub.com/clemoregan/SSE4-CVE-2022-229651githubgithub.com/c4mx/CVE-2022-22965_PoC1githubgithub.com/daniel0x00/Invoke-CVE-2022-22965-SafeCheck1githubgithub.com/salo-404/firewall1githubgithub.com/ESSAFAR/Firewall-Rules0githubgithub.com/xsxtw/SpringFramework_CVE-2022-22965_RCE0githubgithub.com/Aur3ns/Block-Spring4Shell0githubgithub.com/guigui237/Expoitation-de-la-vuln-rabilit-CVE-2022-229650githubgithub.com/jashan-lefty/Spring4Shell0githubgithub.com/brunoh6/web-threat-mitigation0githubgithub.com/osungjinwoo/CVE-2022-229650githubgithub.com/Nosie12/fire-wall-server0githubgithub.com/shoucheng3/spring-projects__spring-framework_CVE-2022-22965_5-2-19-RELEASE0githubgithub.com/NickoPS87/Spring4Shell-Python-Firewall-POC0githubgithub.com/xenosf/CS4239-Spring4Shell-POC0githubgithub.com/nhattanhh/CVE-2022-229650githubgithub.com/0xr1l3s/CVE-2022-229650githubgithub.com/suyash-R-K/dfir-malware-investigation0githubgithub.com/aditidutta696-dev/Spring4Shell-CVE-2022-22965-Exploitation-Attempt0githubgithub.com/0xBlackash/CVE-2022-229650githubgithub.com/felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965-0githubgithub.com/Shakur1314/CVE-2022-22965-Spring4Shell-Security-Operations-Analysis0githubgithub.com/luoqianlin/CVE-2022-229650githubgithub.com/YUTING-HUANG0/Spring4Shell-CTF0githubgithub.com/mwojterski/cve-2022-229650githubgithub.com/mebibite/springhound0githubgithub.com/t3amj3ff/Spring4ShellPoC0githubgithub.com/march0n/PoC-CVE-2022-22965-Spring4Shell0githubgithub.com/fransvanbuul/CVE-2022-22965-susceptibility0githubgithub.com/te5t321/Spring4Shell-CVE-2022-22965.py0githubgithub.com/Omaraitbenhaddi/-Spring4Shell-CVE-2022-22965-0githubgithub.com/Enokiy/spring-RCE-CVE-2022-229650githubgithub.com/ClemExp/CVE-2022-22965-PoC0githubgithub.com/devengpk/CVE-2022-229650githubgithub.com/snicoll-scratches/spring-boot-cve-2022-229650githubgithub.com/ajith737/Spring4Shell-CVE-2022-22965-POC0githubgithub.com/c33dd/CVE-2022-229650githubgithub.com/ernestom-commits/jfrog-apptrust-demo0githubgithub.com/dbgee/Spring4Shell0githubgithub.com/sohamsharma966/Spring4Shell-CVE-2022-229650githubgithub.com/LucasPDiniz/CVE-2022-229650cve_referencepacketstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlhttp://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005https://tanzu.vmware.com/security/cve-2022-22965https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965https://www.kb.cert.org/vuls/id/970766https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html