The Spring4Shell confusion

As the guys at LunaSec have already mentioned (https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/), there’s been a bit of confusion around “Spring4Shell” and similar vulnerabilities that have been reported almost at the same time.

On March 29th, 2022, two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believe they’re talking about “Spring4Shell” (CVE Added: CVE-2022-22965), but in reality they’re swapping notes about CVE-2022-22963.

LunaSec

We’d like to focus on this specific aspect in this post to keep things simple and clear.

  • Spring4Shell (CVE-2022-22965) is a very severe RCE vulnerability affecting Spring Core and its derivatives.
  • CVE-2022-22963 (no known name) is a less severe vulnerability that affects Spring Cloud Function.

To make matters a bit more confusing, there seem to have been reports of a third vulnerability affecting Spring’s deserialisation logic, but this turned out not to be exploitable.

So we have two vulnerabilities affecting related, but distinct, Spring libraries, and both represent a serious weakness for any system running the affected versions under the required conditions.

The threat intel team at AppSec Phoenix has triggered the corresponding alerts in our platform so that anybody with applications potentially affected by the vulnerability gets the corresponding notifications.

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (e.g. Forbes), and an author of numerous books and articles, who utilises his platform to evangelise the importance of cloud security and cutting-edge technologies on a global scale.
