[German]A vulnerability called Spring4Shell in the Java Spring Framework has been known for a few days. VMware has been providing patches for its products since the beginning of April 2022. It is now known that the Mirai botnet exploits the Spring4Shell vulnerability to infect systems. In addition, I came across a brief analysis from Trend Micro on the Spring4Shell vulnerability.
Advertising
The Spring4Shell vulnerabilities
Security researchers at Check Point have discovered several vulnerabilities in the popular Java Spring Framework developer environment. The term Spring4Shell covers the following vulnerabilities:
- CVE-2022-22947 – official VMware post
- CVE-2022-22963 – official Spring project post
- CVE-2022-22965 – official Spring project post
Security researchers observed several indicators of injection/remote code execution as an attack path for Spring4Shell. Europe in particular is under fire, according to the security researchers. According to Check Point, 20 percent of organizations are said to be at risk because of Spring4Shell. Software vendors make up the largest group globally at 28 percent. A message from the security vendor said 16 percent of all organizations worldwide were affected after just four days. I had reported on this in the blog post Spring4Shell: Vulnerabilities in Java Spring Framework. There are already corresponding patches from VMware (see links at the end of the article).
Mirai botnet uses Spring4Shell
The colleagues at Bleeping Computer warn in the following tweet as well as in this article that the Mirai malware is already abusing Spring4Shell vulnerabilities to infect systems.
The observed active exploitation of the vulnerabilities could be seen a few days ago. What stands out is that the attacks are concentrated on vulnerable web servers in Singapore. This suggests that the whole thing might be a preliminary testing phase. It is conceivable that the threat actors will try the operation worldwide at a later stage.
Advertising
Spring4Shell analysis by Trend Micro
Security vendor Trend Micro took a closer look at the Spring4Shell vulnerabilities and subsequently published an analysis, which they point out in the following tweet and in this article.
To learn about the vulnerabilities, reading the article might be helpful.
Similar articles:
Spring4Shell: Vulnerabilities in Java Spring Framework
VMware patches Spring4Shell RCE vulnerability CVE-2022-22965
Warning: Critical Vulnerabilities in VMware Products (April 6, 2022)
Advertising