Thursday, March 31, 2022

SpringShell: Spring Core RCE 0-day Vulnerability (Another log4j2 level or even worst vulnerability if it is confirmed)

The following two conditions are met at The same time to determine that it is affected by this vulnerability:

 

  1. JDK version number is 9 and above;
  2. using the spring framework or derived framework.

 

Alicloud already release TWO WAF rules to against this vulnerability:

 

 

If you are using Imperva WAF, you can create a custom Signatures to detect and trigger alerts:

 

Signature Name: springshell-rce-0-day-vulnerability – 1

Signature: part="class."

Protocols: http + https

Search Signature In: Headers + Parameters

 

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html

https://vuldb.com/?id.196076

 

Print Friendly and PDF
Share/Bookmark
Posted by Billy Fung at 1:10 AM
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)