CVE-2022-22965
CVE-2022-22965
Em resumo
Uma falha em aplicações Spring MVC/WebFlux permite que atacantes executem código arbitrário no servidor através de vinculação de dados em Java 9+. O risco é crítico quando o aplicativo roda no Tomcat como um arquivo WAR.
Detalhe técnico
CVE-2022-22965 explora vinculação insegura de dados no Spring Framework em ambientes JDK 9+, permitindo execução remota de código via entrada maliciosa em endpoints Spring MVC/WebFlux. O ataque requer implantação como WAR no Tomcat; implantações em JAR do Spring Boot não são afetadas. A exploração bem-sucedida concede aos atacantes capacidade completa de execução remota de código não autenticado.
Resumo gerado e traduzido por IA a partir da descrição oficial.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · Spring FrameworkPoCs públicas encontradas — 100
githubgithub.com/BobTheShoplifter/Spring4Shell-POC★ 377githubgithub.com/reznok/Spring4Shell-POC★ 324githubgithub.com/tpt11fb/SpringVulScan★ 154githubgithub.com/TheGejr/SpringShell★ 131githubgithub.com/zangcc/CVE-2022-22965-rexbb★ 102githubgithub.com/alt3kx/CVE-2022-22965★ 101githubgithub.com/SecNN/SpringFramework_CVE-2022-22965_RCE★ 72githubgithub.com/4nth0ny1130/spring4shell_behinder★ 63githubgithub.com/Mr-xn/spring-core-rce★ 50githubgithub.com/FourCoreLabs/spring4shell-exploit-poc★ 44githubgithub.com/colincowie/Safer_PoC_CVE-2022-22965★ 44githubgithub.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce★ 39githubgithub.com/Kirill89/CVE-2022-22965-PoC★ 32githubgithub.com/k3rwin/spring-core-rce★ 28githubgithub.com/liangyueliangyue/spring-core-rce★ 26githubgithub.com/p1ckzi/CVE-2022-22965★ 23githubgithub.com/DDuarte/springshell-rce-poc★ 19githubgithub.com/alt3kx/CVE-2022-22965_PoC★ 17githubgithub.com/Bouquets-ai/CVE-2022-22965-GUItools★ 17githubgithub.com/wjl110/CVE-2022-22965_Spring_Core_RCE★ 16githubgithub.com/itsecurityco/CVE-2022-22965★ 16githubgithub.com/me2nuk/CVE-2022-22965★ 14githubgithub.com/viniciuspereiras/CVE-2022-22965-poc★ 13githubgithub.com/fracturelabs/go-scan-spring★ 12githubgithub.com/zer0yu/CVE-2022-22965★ 12githubgithub.com/gpiechnik2/nmap-spring4shell★ 8githubgithub.com/sunnyvale-it/CVE-2022-22965-PoC★ 7githubgithub.com/Wrin9/CVE-2022-22965★ 7githubgithub.com/GuayoyoCyber/CVE-2022-22965★ 6githubgithub.com/wikiZ/springboot_CVE-2022-22965★ 6githubgithub.com/mariomamo/CVE-2022-22965★ 5githubgithub.com/nu0l/CVE-2022-22965★ 4githubgithub.com/Loneyers/Spring4Shell★ 4githubgithub.com/khidottrivi/CVE-2022-22965★ 4githubgithub.com/wshon/spring-framework-rce★ 4githubgithub.com/iloveflag/Fast-CVE-2022-22965★ 4githubgithub.com/netcode/Spring4shell-CVE-2022-22965-POC★ 3githubgithub.com/likewhite/CVE-2022-22965★ 3githubgithub.com/0xrobiul/CVE-2022-22965★ 3githubgithub.com/CalumHutton/CVE-2022-22965-PoC_Payara★ 3githubgithub.com/BKLockly/CVE-2022-22965★ 3githubgithub.com/twseptian/cve-2022-22965★ 2githubgithub.com/D1mang/Spring4Shell-CVE-2022-22965★ 2githubgithub.com/LudovicPatho/CVE-2022-22965_Spring4Shell★ 2githubgithub.com/irgoncalves/irule-cve-2022-22965★ 2githubgithub.com/rwincey/spring4shell-CVE-2022-22965★ 2githubgithub.com/datawiza-inc/spring-rec-demo★ 2githubgithub.com/bL34cHig0/Telstra-Cybersecurity-Virtual-Experience-★ 2githubgithub.com/fracturelabs/spring4shell_victim★ 2githubgithub.com/jakabakos/CVE-2022-22965-Spring4Shell★ 2githubgithub.com/Snip3R69/spring-shell-vuln★ 1githubgithub.com/cxzero/CVE-2022-22965-spring4shell★ 1githubgithub.com/gokul-ramesh/Spring4Shell-PoC-exploit★ 1githubgithub.com/lcarea/CVE-2022-22965★ 1githubgithub.com/mylo-2001/GhostStrike★ 1githubgithub.com/helsecert/CVE-2022-22965★ 1githubgithub.com/Joe1sn/CVE-2022-22965★ 1githubgithub.com/clemoregan/SSE4-CVE-2022-22965★ 1githubgithub.com/c4mx/CVE-2022-22965_PoC★ 1githubgithub.com/daniel0x00/Invoke-CVE-2022-22965-SafeCheck★ 1githubgithub.com/salo-404/firewall★ 1githubgithub.com/ESSAFAR/Firewall-Rules★ 0githubgithub.com/xsxtw/SpringFramework_CVE-2022-22965_RCE★ 0githubgithub.com/Aur3ns/Block-Spring4Shell★ 0githubgithub.com/guigui237/Expoitation-de-la-vuln-rabilit-CVE-2022-22965★ 0githubgithub.com/jashan-lefty/Spring4Shell★ 0githubgithub.com/brunoh6/web-threat-mitigation★ 0githubgithub.com/osungjinwoo/CVE-2022-22965★ 0githubgithub.com/Nosie12/fire-wall-server★ 0githubgithub.com/shoucheng3/spring-projects__spring-framework_CVE-2022-22965_5-2-19-RELEASE★ 0githubgithub.com/NickoPS87/Spring4Shell-Python-Firewall-POC★ 0githubgithub.com/xenosf/CS4239-Spring4Shell-POC★ 0githubgithub.com/nhattanhh/CVE-2022-22965★ 0githubgithub.com/0xr1l3s/CVE-2022-22965★ 0githubgithub.com/suyash-R-K/dfir-malware-investigation★ 0githubgithub.com/aditidutta696-dev/Spring4Shell-CVE-2022-22965-Exploitation-Attempt★ 0githubgithub.com/0xBlackash/CVE-2022-22965★ 0githubgithub.com/felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965-★ 0githubgithub.com/Shakur1314/CVE-2022-22965-Spring4Shell-Security-Operations-Analysis★ 0githubgithub.com/luoqianlin/CVE-2022-22965★ 0githubgithub.com/YUTING-HUANG0/Spring4Shell-CTF★ 0githubgithub.com/mwojterski/cve-2022-22965★ 0githubgithub.com/mebibite/springhound★ 0githubgithub.com/t3amj3ff/Spring4ShellPoC★ 0githubgithub.com/march0n/PoC-CVE-2022-22965-Spring4Shell★ 0githubgithub.com/fransvanbuul/CVE-2022-22965-susceptibility★ 0githubgithub.com/te5t321/Spring4Shell-CVE-2022-22965.py★ 0githubgithub.com/Omaraitbenhaddi/-Spring4Shell-CVE-2022-22965-★ 0githubgithub.com/Enokiy/spring-RCE-CVE-2022-22965★ 0githubgithub.com/ClemExp/CVE-2022-22965-PoC★ 0githubgithub.com/devengpk/CVE-2022-22965★ 0githubgithub.com/snicoll-scratches/spring-boot-cve-2022-22965★ 0githubgithub.com/ajith737/Spring4Shell-CVE-2022-22965-POC★ 0githubgithub.com/c33dd/CVE-2022-22965★ 0githubgithub.com/ernestom-commits/jfrog-apptrust-demo★ 0githubgithub.com/dbgee/Spring4Shell★ 0githubgithub.com/sohamsharma966/Spring4Shell-CVE-2022-22965★ 0githubgithub.com/LucasPDiniz/CVE-2022-22965★ 0cve_referencepacketstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlnão verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlhttp://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005https://tanzu.vmware.com/security/cve-2022-22965https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965https://www.kb.cert.org/vuls/id/970766https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html