The disclosure of a new vulnerability affecting the widely used Spring Java framework has led to concern that organizations may need to deal with a flaw similar to the notorious Log4Shell.
Spring, maintained by VMware, is widely described as the world’s most popular Java framework. It is designed to increase speed and productivity by making Java application development easier.
The cybersecurity community went on high alert on Wednesday, March 30, 2022, when a Chinese researcher published a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Spring Framework’s Core module.
The published PoC does work, but only against specific configurations running on JDK 9 or newer. It is still unclear how many deployed applications are actually exploitable.
According to Spring, these are the requirements for the specific scenario from the report:
- JDK 9 or higher
- Apache Tomcat as the Servlet container
- Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.
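The four requirements above are the kind of data an asset inventory or a quick shell session on the host hands you: the first line of `java -version`, the jar names under `WEB-INF/lib`, the servlet container, and how the application is packaged. The following triage helper is an added example, not Armis or Spring code; it encodes the listed JDK and Spring version ranges and reports which requirements a given deployment meets. The sample inputs are constructed for illustration. Because the advisory warns that other exploitation paths may exist, an unpatched Spring is flagged separately even when the container or packaging does not match the reported scenario.

```python
"""Triage helper for the Spring4Shell (CVE-2022-22965) scenario listed above.

Added example, not Armis or Spring code. It compares one deployment against
the four published requirements (JDK 9+, Tomcat, WAR packaging, Spring
Framework 5.3.0-5.3.17 / 5.2.0-5.2.19 / older). Sample inputs are constructed.
"""
import re
from typing import Iterable, Optional, Tuple

Version = Tuple[int, int, int]


def parse_jdk_major(java_version_line: str) -> Optional[int]:
    """Return the JDK feature release from the first line of `java -version`.

    Handles the legacy "1.8.0_312" scheme (-> 8) and the modern
    "11.0.14" / "17" scheme (-> 11 / 17). Returns None if unparseable.
    """
    m = re.search(r'version "(\d+)(?:\.(\d+))?', java_version_line)
    if not m:
        return None
    major = int(m.group(1))
    if major == 1 and m.group(2) is not None:  # legacy 1.x numbering
        return int(m.group(2))
    return major


def spring_version_from_jar(jar_name: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a spring-core jar name,
    e.g. 'spring-core-5.3.17.jar' -> (5, 3, 17); None for other jars."""
    m = re.search(r"spring-core-(\d+)\.(\d+)\.(\d+)", jar_name)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def spring_is_unpatched(v: Version) -> bool:
    """True if v is inside the ranges Spring listed as affected:
    5.3.0-5.3.17, 5.2.0-5.2.19, and anything older than 5.2.
    5.3.18+ and 5.2.20+ fall outside those ranges."""
    major, minor, patch = v
    if (major, minor) == (5, 3):
        return patch <= 17
    if (major, minor) == (5, 2):
        return patch <= 19
    return (major, minor) < (5, 2)


def triage(java_version_line: str, jar_names: Iterable[str],
           servlet_container: str, packaging: str) -> dict:
    """Check one deployment against the four listed requirements.

    'meets_listed_scenario' is True only when all four hold. An unpatched
    Spring on another container or packaging still sets 'unpatched_spring',
    since the advisory says other exploitation paths may exist; only a
    patched Spring clears that flag.
    """
    jdk = parse_jdk_major(java_version_line)
    spring = next((v for v in map(spring_version_from_jar, jar_names) if v), None)
    required = {
        "jdk_9_or_higher": jdk is not None and jdk >= 9,
        "tomcat_container": servlet_container.strip().lower() == "tomcat",
        "war_packaging": packaging.strip().lower() == "war",
        "unpatched_spring": spring is not None and spring_is_unpatched(spring),
    }
    result = dict(required)
    result["jdk_major"] = jdk
    result["spring_version"] = spring
    result["meets_listed_scenario"] = all(required.values())
    return result


# Constructed sample inputs, not real inventory data.
SAMPLE_JAVA_LINE = 'openjdk version "11.0.14" 2022-01-18'
SAMPLE_JARS = ["spring-core-5.3.17.jar", "spring-webmvc-5.3.17.jar",
               "jackson-databind-2.13.2.jar"]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_JAVA_LINE, SAMPLE_JARS, "Tomcat", "WAR").items():
        print(f"{key}: {value}")
```

Run it against each host's `java -version` line and jar listing; a deployment that reports `meets_listed_scenario: True` matches the published PoC conditions, while any `unpatched_spring: True` result belongs on the patch list regardless of the other three checks.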
As we learn more about the implications of Spring4Shell, we will continue to update this blog with any and all pertinent information.
Update: Spring4Shell is now officially CVE-2022-22965.
Armis is Ready to Help
Existing Armis customers can locate network-facing JDK and Tomcat installations with the queries “in:applications JDK” and “in:applications tomcat”. Check the JDK version of each match: in the scenario Spring reported, only JDK 9 and later is affected.
Update: An AQL query you could use to find potentially vulnerable devices with the Armis platform is
Not an Armis customer? No worries, we can still help. Armis offers a free Quick Asset Visibility Assessment with our agentless, cloud-based platform to help you find and identify assets with vulnerable Spring installations. Our platform works with your existing infrastructure to give you a complete, real-time inventory you can rely on.
Staying Ahead of the Game
Mapping out your connected assets and understanding which of them can be impacted by this and other critical vulnerabilities helps IT and security teams respond to threats and improve the overall security posture.
The Armis platform’s asset visibility and intelligence can improve overall asset management, IT hygiene, threat detection and response, and even reduce costs. To find out more, contact us today.