{"id":24114,"date":"2022-04-16T00:14:00","date_gmt":"2022-04-15T22:14:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=24114"},"modified":"2022-06-23T21:05:06","modified_gmt":"2022-06-23T19:05:06","slug":"spring4shell-schwachstelle-analyse-und-bedrohung-durch-mirai-botnet","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/04\/16\/spring4shell-schwachstelle-analyse-und-bedrohung-durch-mirai-botnet\/","title":{"rendered":"Spring4Shell Vulnerability: Analysis and Mirai Botnet uses Spring4Shell"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Security (Pexels, general use)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=264387\" target=\"_blank\" rel=\"noopener\">German<\/a>] A vulnerability called Spring4Shell in the Java Spring Framework has been known for a few days. VMware has been providing patches for its products since the beginning of April 2022. It is now known that the Mirai botnet exploits the Spring4Shell vulnerability to infect systems. In addition, I came across a brief analysis from Trend Micro on the Spring4Shell vulnerability.<\/p>\n<h2>The Spring4Shell vulnerabilities<\/h2>\n<p>Security researchers at Check Point have discovered several vulnerabilities in the popular Java Spring Framework developer environment. 
The term <em>Spring4Shell<\/em> covers the following vulnerabilities:<\/p>\n<ul>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22947\" target=\"_blank\" rel=\"noopener\">CVE-2022-22947<\/a> \u2013 <a href=\"https:\/\/tanzu.vmware.com\/security\/cve-2022-22947\" target=\"_blank\" rel=\"noopener\">official VMware post<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22963\" target=\"_blank\" rel=\"noopener\">CVE-2022-22963<\/a> \u2013 <a href=\"https:\/\/spring.io\/blog\/2022\/03\/29\/cve-report-published-for-spring-cloud-function\" target=\"_blank\" rel=\"noopener\">official Spring project post<\/a><\/li>\n<li><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22965\" target=\"_blank\" rel=\"noopener\">CVE-2022-22965<\/a> \u2013 <a href=\"https:\/\/spring.io\/blog\/2022\/03\/31\/spring-framework-rce-early-announcement\" target=\"_blank\" rel=\"noopener\">official Spring project post<\/a><\/li>\n<\/ul>\n<p>Security researchers observed several indicators of injection\/remote code execution as an attack path for Spring4Shell. Europe in particular is under fire, according to the security researchers. According to Check Point, 20 percent of organizations are said to be at risk because of Spring4Shell. Software vendors make up the largest group globally at 28 percent. A message from the security vendor said 16 percent of all organizations worldwide were affected after just four days. I had reported on this in the blog post <a href=\"https:\/\/borncity.com\/win\/2022\/04\/09\/spring4shell-sicherheitslcken-in-java-spring-framework\/\">Spring4Shell: Vulnerabilities in Java Spring Framework<\/a>. There are already corresponding patches from VMware (see links at the end of the article). 
<\/p>\n<h2>Mirai botnet uses Spring4Shell<\/h2>\n<p>The colleagues at Bleeping Computer warn in the following <a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1512440208293249032\" target=\"_blank\" rel=\"noopener\">tweet<\/a> as well as in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mirai-malware-now-delivered-using-spring4shell-exploits\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> that the Mirai malware is already abusing Spring4Shell vulnerabilities to infect systems.<\/p>\n<p><a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1512440208293249032\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Mirai uses Spring4Shell\" alt=\"Mirai uses Spring4Shell\" src=\"https:\/\/i.imgur.com\/VGkhlwy.png\"><\/a><\/p>\n<p>Active exploitation of the vulnerabilities was observed a few days ago. What stands out is that the attacks are concentrated on vulnerable web servers in Singapore. This suggests that the whole thing might be a preliminary testing phase. It is conceivable that the threat actors will try the operation worldwide at a later stage. 
<\/p>\n<h2>Spring4Shell analysis by Trend Micro<\/h2>\n<p>Security vendor Trend Micro took a closer look at the Spring4Shell vulnerabilities and subsequently published an analysis, which it points to in the following <a href=\"https:\/\/twitter.com\/TrendMicroDE\/status\/1514151403379384323\" target=\"_blank\" rel=\"noopener\">tweet<\/a> and in <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/d\/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html\" target=\"_blank\" rel=\"noopener\">this article<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/TrendMicroDE\/status\/1514151403379384323\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Spring4Shell analysis by Trend Micro\" alt=\"Spring4Shell analysis by Trend Micro\" src=\"https:\/\/i.imgur.com\/TByiX89.png\"><\/a><\/p>\n<p>To learn about the vulnerabilities, reading the article might be helpful.<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/04\/09\/spring4shell-sicherheitslcken-in-java-spring-framework\/\">Spring4Shell: Vulnerabilities in Java Spring Framework<\/a><br \/><a href=\"https:\/\/web.archive.org\/web\/20220407155648\/https:\/\/borncity.com\/win\/2022\/04\/07\/vmware-reagiert-auf-die-spring4shell-rce-schwachstelle-cve-2022-22965\/\">VMware patches Spring4Shell RCE vulnerability CVE-2022-22965<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2022\/04\/08\/warnung-kritische-schwachstellen-in-vmware-produkten-6-april-2022\/\">Warning: Critical Vulnerabilities in VMware Products (April 6, 2022)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] A vulnerability called Spring4Shell in the Java Spring Framework has been known for a few days. VMware has been providing patches for its products since the beginning of April 2022. 
It is now known that the Mirai botnet exploits the &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/04\/16\/spring4shell-schwachstelle-analyse-und-bedrohung-durch-mirai-botnet\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-24114","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=24114"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/24114\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=24114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=24114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=24114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}