{"id":24039,"date":"2022-04-09T23:50:02","date_gmt":"2022-04-09T21:50:02","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24039"},"modified":"2022-06-23T21:05:06","modified_gmt":"2022-06-23T19:05:06","slug":"spring4shell-sicherheitslcken-in-java-spring-framework","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/04\/09\/spring4shell-sicherheitslcken-in-java-spring-framework\/","title":{"rendered":"Spring4Shell: Vulnerabilities in Java Spring Framework"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/04\/09\/spring4shell-sicherheitslcken-in-java-spring-framework\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Security researchers from Check Point have discovered multiple vulnerabilities in the popular Java Spring Framework developer environment. The vulnerabilities are now being used for attacks, and according to Check Point, 16 percent of all organizations worldwide were affected after just four days. 
Immediate updating of affected products is strongly recommended.<\/p>\n<p><!--more--><\/p>\n<p>I had already reported on these vulnerabilities as of April 6, 2022, in the blog post <a href=\"https:\/\/web.archive.org\/web\/20220407155648\/https:\/\/borncity.com\/win\/2022\/04\/07\/vmware-reagiert-auf-die-spring4shell-rce-schwachstelle-cve-2022-22965\/\">VMware patches Spring4Shell RCE vulnerability CVE-2022-22965<\/a>.<\/p>\n<h2>The Spring4Shell vulnerabilities<\/h2>\n<p>Security researchers at Check Point Research (CPR) are warning all users of the popular Java Spring Framework developer environment about the newly discovered vulnerabilities. In a nod to the Log4J vulnerability, the vulnerabilities were named Spring4Shell. The following vulnerabilities, affecting customers in the US and Europe, have been officially registered under this term:<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22947\" target=\"_blank\" rel=\"noopener\">CVE-2022-22947<\/a> &#8211; <a href=\"https:\/\/tanzu.vmware.com\/security\/cve-2022-22947\" target=\"_blank\" rel=\"noopener\">official VMware post<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22963\" target=\"_blank\" rel=\"noopener\">CVE-2022-22963<\/a> &#8211; <a href=\"https:\/\/spring.io\/blog\/2022\/03\/29\/cve-report-published-for-spring-cloud-function\" target=\"_blank\" rel=\"noopener\">official Spring project post<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22965\" target=\"_blank\" rel=\"noopener\">CVE-2022-22965<\/a> &#8211; <a href=\"https:\/\/spring.io\/blog\/2022\/03\/31\/spring-framework-rce-early-announcement\" target=\"_blank\" rel=\"noopener\">official Spring project post<\/a><\/li>\n<\/ul>\n<p>Security researchers observed several indicators of injection\/remote code execution as the attack path for Spring4Shell. Europe in particular is under fire, according to the security researchers. According to Check Point, 20 percent of organizations are said to be at risk because of Spring4Shell. Software vendors make up the largest affected group globally at 28 percent. A message from the security vendor said 16 percent of all organizations worldwide were affected after just four days.<\/p>\n<p><img decoding=\"async\" title=\"Spring4Shell Attacks\" alt=\"Spring4Shell Attacks\" src=\"https:\/\/i.imgur.com\/Q7w5qSH.png\"><br \/>Spring4Shell attacks, source: Check Point<\/p>\n<p>Microsoft has published <a href=\"https:\/\/msrc-blog.microsoft.com\/2022\/04\/05\/microsofts-response-to-cve-2022-22965-spring-framework\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> about the Spring4Shell vulnerabilities. The colleagues at Bleeping Computer mention <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-detects-spring4shell-attacks-across-its-cloud-services\/\" target=\"_blank\" rel=\"noopener\">here<\/a> that Microsoft's ongoing attack monitoring has discovered Spring4Shell exploits being used against Microsoft's cloud infrastructure. So far, however, no successful attack has been detected, as Microsoft has already patched the software. CISA is also <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/04\/04\/cisa-adds-four-known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">warning<\/a> about these vulnerabilities.<\/p>\n<p>The developers have <a href=\"https:\/\/spring.io\/blog\/2022\/03\/31\/spring-framework-rce-early-announcement\" target=\"_blank\" rel=\"noopener\">released<\/a> Java Spring Framework versions 5.3.18 and 5.2.20, as well as Spring Boot 2.5.12, which fix the RCE issue. The Check Point security researchers recommend updating the Java Spring Framework to the latest version immediately to close the vulnerabilities. 
The issue for end users is that vendors of software products that use the Java Spring Framework must provide the relevant product updates. In doing so, following the Spring Project's guide is advised. A detailed overview of Check Point's observations on Spring4Shell can be found in <a href=\"https:\/\/blog.checkpoint.com\/2022\/04\/05\/16-of-organizations-worldwide-impacted-by-spring4shell-zero-day-vulnerability-exploitation-attempts-since-outbreak\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Security researchers from Check Point have discovered multiple vulnerabilities in the popular Java Spring Framework developer environment. The vulnerabilities are now being used for attacks, and according to Check Point, 16 percent of all organizations worldwide were affected after just &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/04\/09\/spring4shell-sicherheitslcken-in-java-spring-framework\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-24039","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24039"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24039\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}