Mar 31, 2022

New Spring4Shell Vulnerability Has Organizations on High Alert in the Post-Log4j Era


The disclosure of a new vulnerability affecting the widely used Spring Java framework has led to concern that organizations may need to deal with a flaw similar to the notorious Log4Shell.

Spring, a VMware company, has been described as the world’s most popular Java framework. Spring is designed to increase speed and productivity by making Java programming easier.

The cybersecurity community went on high alert on Wednesday, March 30, 2022, after a Chinese researcher published a proof-of-concept (PoC) exploit for a remote code execution vulnerability affecting the Spring framework’s Core module.

While the PoC exploit released by the Chinese researcher does work, it only works against certain configurations and versions of Java 9 and newer. It’s still unclear how many applications are actually vulnerable to attacks.

According to Spring, these are the requirements for the specific scenario from the report:

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
  • spring-webmvc or spring-webflux dependency
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.
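The requirements list above describes one specific exploitation scenario, and the caveat that follows it is the important part for defenders: an application that fails one of the conditions is not necessarily safe, it just does not match the reported PoC. The following triage helper is an added example (not Armis's or Spring's code) that applies both readings to an asset inventory: it flags the applications that match the reported scenario and, separately, every application still on an affected Spring Framework version, since those all need the upgrade regardless of packaging or JDK. The inventory entries, the `App` record and the function names are constructed for the example.

```python
"""Spring4Shell (CVE-2022-22965) inventory triage.

Added example, not code from Armis or the Spring project. The sample
inventory below is constructed; in practice it would come from an asset
inventory or build metadata.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Turn '5.3.17' into (5, 3, 17); tolerates suffixes such as '5.1.20.RELEASE'
    by stopping at the first non-numeric component and padding to three parts."""
    parts = []
    for p in v.split("."):
        if p.isdigit():
            parts.append(int(p))
        else:
            break
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def jdk_major(v: str) -> int:
    """Major JDK release: '1.8.0_312' -> 8, '11.0.14' -> 11, '17' -> 17."""
    t = parse_version(v)
    return t[1] if t[0] == 1 else t[0]   # pre-9 JDKs use the '1.x' scheme


def spring_in_affected_range(v: str) -> bool:
    """Affected per the advisory: 5.3.0-5.3.17, 5.2.0-5.2.19, and anything older."""
    t = parse_version(v)
    if t[:2] == (5, 3):
        return t[2] <= 17
    if t[:2] == (5, 2):
        return t[2] <= 19
    return t < (5, 2, 0)


@dataclass
class App:
    name: str
    jdk: str
    container: str      # servlet container, e.g. "tomcat" or "jetty"
    packaging: str      # "war" or "jar" (Spring Boot executable jar)
    spring_version: str
    web_deps: tuple     # e.g. ("spring-webmvc",)


def matches_reported_scenario(app: App) -> bool:
    """True when all five conditions from the advisory's reported scenario hold."""
    return (
        jdk_major(app.jdk) >= 9
        and app.container.lower() == "tomcat"
        and app.packaging.lower() == "war"
        and any(d in ("spring-webmvc", "spring-webflux") for d in app.web_deps)
        and spring_in_affected_range(app.spring_version)
    )


def triage(apps) -> list:
    """Names of apps matching the reported scenario: patch these first."""
    return [a.name for a in apps if matches_reported_scenario(a)]


def needs_upgrade(apps) -> list:
    """Names of every app on an affected Spring version. The vulnerability is
    more general than the PoC, so these all need 5.3.18 / 5.2.20 or later even
    if they miss one of the scenario conditions."""
    return [a.name for a in apps if spring_in_affected_range(a.spring_version)]


# Constructed sample inventory (not real assets).
SAMPLE_APPS = [
    App("billing-war", "11.0.14", "tomcat", "war", "5.3.17", ("spring-webmvc",)),
    App("legacy-jdk8", "1.8.0_312", "tomcat", "war", "5.3.17", ("spring-webmvc",)),
    App("boot-jar", "17.0.2", "tomcat", "jar", "5.3.17", ("spring-webmvc",)),
    App("patched-war", "17.0.2", "tomcat", "war", "5.3.18", ("spring-webmvc",)),
    App("old-5.1", "11.0.14", "tomcat", "war", "5.1.20.RELEASE", ("spring-webmvc",)),
    App("jetty-flux", "11.0.14", "jetty", "war", "5.3.16", ("spring-webflux",)),
]

if __name__ == "__main__":
    print("matches reported scenario:", triage(SAMPLE_APPS))
    print("on affected Spring version:", needs_upgrade(SAMPLE_APPS))
```

Run as-is, the script reports `billing-war` and `old-5.1` as matching the reported scenario, while `needs_upgrade` also lists the JDK 8, executable-jar and Jetty deployments, which is the list that should drive the patch rollout.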

As we learn more about the implications of Spring4Shell, we will continue to update this blog with any and all pertinent information.

Update: Spring4Shell is now officially CVE-2022-22965.

Armis is Ready to Help

Existing Armis customers can check their network-facing JDK versions using “in:applications JDK” and “in:applications tomcat” in order to find vulnerable applications. Customers will need to check the version of the JDK application, as only JDK 9 and later will be vulnerable.

Update: An AQL query you could use to find potentially vulnerable devices with the Armis platform is “in:devices vulnerabilities:(id:CVE-2022-22965)”.

[Screenshot: query result showing 470 applications]

Not an Armis customer? No worries – We can still help! Armis offers a free Quick Asset Visibility Assessment with our agentless, cloud-based platform to help you find and identify assets with vulnerable Spring installations. Our platform works with your existing infrastructure to ensure you have a complete, real-time inventory you can rely on.

Staying Ahead of the Game

Mapping out your connected assets and understanding which of them can be impacted by this and other critical vulnerabilities helps IT and security teams respond to threats and improve the overall security posture.

The Armis platform’s asset visibility and intelligence can improve overall asset management, IT hygiene, threat detection and response, and even reduce costs. To find out more, contact us today.
