Technology giant Microsoft recently published a blog post to guide users in detecting Spring4Shell vulnerabilities across its cloud services.
According to the company, it is currently detecting a ‘limited volume of exploit attempts’ across its cloud services that are aimed at the critical Spring4Shell remote code execution (RCE) vulnerability. Spring4Shell is a zero-day vulnerability (CVE-2022-22965) that security experts have classified as Critical.
The attack known so far is a proof of concept that only affects non-standard Spring Framework configurations, such as when Web Application Archive (WAR) packaging is used instead of Java Archive (JAR) packaging.
Microsoft’s guide contains all the steps and methods that can be used to identify and rectify the issue.
“Microsoft regularly monitors attacks against our cloud infrastructure and services to defend them better. Since the Spring Core vulnerability was announced, we have been tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities,” mentioned Microsoft in the blog.
The following traits describe the systems that are most vulnerable to the attack:
- Running JDK 9.0 or later.
- Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.
- Apache Tomcat as the Servlet container:
  - Packaged as a traditional Java web archive (WAR) and deployed in a standalone Tomcat instance; typical Spring Boot deployments using an embedded Servlet container or reactive web server are not impacted.
  - Tomcat has spring-webmvc or spring-webflux dependencies.
Users can run the “curl host:port/path?class.module.classLoader.URLs%5B0%5D=0” command to determine whether their systems are vulnerable.
Though this command can be used as a predictive tool to check vulnerability, any system that falls within the scope of the impacted systems listed above should still be considered susceptible.
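The scope criteria listed above can also be checked locally, without sending any request to the application. The following is an added example, not code from Microsoft's blog or this article: it reads a WAR's WEB-INF/lib for spring-webmvc or spring-webflux jars in the listed version ranges and applies the JDK 9.0-or-later condition. The function names and the in-memory sample WAR are constructed for illustration, and the script assumes the WAR is deployed to a standalone Tomcat instance.

```python
import io
import re
import zipfile

# Jars the list above names as dependencies of an affected deployment.
WEB_JAR = re.compile(r"WEB-INF/lib/spring-(webmvc|webflux)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")

def jdk_major(version):
    """Map a java.version string to its major: '1.8.0_321' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._+-]", version)
    return int(parts[1]) if parts[0] == "1" and len(parts) > 1 else int(parts[0])

def spring_affected(v):
    """Ranges from the article: 5.3.0-5.3.17, 5.2.0-5.2.19, and earlier versions."""
    if v[:2] == (5, 3):
        return v[2] <= 17
    if v[:2] == (5, 2):
        return v[2] <= 19
    return v[:2] < (5, 2)

def assess_war(war, java_version):
    """Return the WEB-INF/lib jars that put this WAR in scope (empty list if none).

    Assumption: the WAR runs in a standalone Tomcat; the archive cannot show that.
    """
    if jdk_major(java_version) < 9:
        return []  # only JDK 9.0 or later is listed as in scope
    with zipfile.ZipFile(war) as zf:
        names = zf.namelist()
    in_scope = []
    for name in names:
        m = WEB_JAR.match(name)
        if m and spring_affected(tuple(int(x) for x in m.groups()[1:])):
            in_scope.append(name)
    return in_scope

def build_sample_war(jar_names):
    """Constructed sample input: an in-memory WAR holding empty jar entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr("WEB-INF/lib/" + jar, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sample = build_sample_war(["spring-webmvc-5.3.17.jar", "spring-core-5.3.17.jar"])
    print(assess_war(sample, "11.0.14"))
```

`assess_war` also accepts a filesystem path to a real WAR in place of the in-memory sample.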