Spring4Shell vulnerability (CVE-2022-22965) - Vulnerability Detection using ManageEngine Vulnerability Manager Plus

Spring4Shell vulnerability (CVE-2022-22965) - Vulnerability Detection using ManageEngine Vulnerability Manager Plus

*This forum post will be updated periodically based on the data updated by Spring.
 
The recently identified Spring4Shell vulnerability (CVE-2022-22965) is classified as a zero-day vulnerability. Present in the Spring Framework, this vulnerability can allow attackers to potentially carry out Remote Code Execution.
 
It is to be noted that the vulnerability has been addressed in Apache Tomcat versions 10.0.20, 9.0.62, and 8.5.78, Spring Framework versions 5.3.18 and 5.2.20 and Spring Boot versions 2.6.6 and 2.5.12.
 
The vulnerability affects the Spring MVC and Spring WebFlux applications running with the following configurations:
  • JDK 9 or higher
  • Apache Tomcat as the Servlet container.
  • Packaged as a traditional WAR (in contrast to a Spring Boot executable jar).
  • spring-webmvc or spring-webflux dependency.
  • Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions.
Note:
  • The nature of the vulnerability is more general, and there may be other ways to exploit it.
  • If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. 
 

Vulnerability Detection using ManageEngine Vulnerability Manager Plus

 
Note:
  • Since their may be other ways to exploit the vulnerability owing to its more general nature, kindly reach out to the respective web application vendors for vulnerability information and patch details.
  • The vulnerability details will be available only after the next DB sync.
 
To detect affected network systems as well as the vulnerable web server installations on those systems,
1) Log in to the Vulnerability Manager Plus web console.
 
2) Navigate to Threats > Web Server Misconfiguration
 
3) Search for Spring4Shell vulnerability (CVE-2022-22965) to find affected Windows systems and Spring4Shell vulnerability (CVE-2022-22965) for Linux to find affected Linux systems.
 
4) Under the Affected Systems column, you'll get a total count of systems affected by this vulnerability.
 
5) Clicking on it will reveal the affected systems.
 
6) To view the exact web server installations on those systems that are affected by this vulnerability, click on the Web Server Misconfiguration count available for each system.
 
7) In the resulting table view, the File Path displays the home directory path or the exe path of the web servers affected by the Spring4Shell vulnerability (CVE-2022-22965).
 
8) You can also view the vulnerabilities under the Threats > Software Vulnerabilities and the CVE ID under Threats > Detected CVEs
 
Reference link: