The following two conditions are met at The same time to determine that it is affected by this vulnerability:
- JDK version number is 9 and above;
- using the spring framework or derived framework.
Alicloud already release TWO WAF rules to against this vulnerability:
If you are using Imperva WAF, you can create a custom Signatures to detect and trigger alerts:
Signature Name: springshell-rce-0-day-vulnerability – 1
Signature: part="class."
Protocols: http + https
Search Signature In: Headers + Parameters
https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html