April 1– In the past week, a series of vulnerabilities have been identified as affecting the popular Java Spring Framework and related software components, which are commonly referred to as Spring4Shell.
Patches are now available, and security teams are continuing to assess the potential for the vulnerabilities’ exploit. Read on to learn more about vulnerability assessment, severity and mitigation.
What is the Spring Framework?
The Spring Framework is a programming and configuration model providing infrastructure support for developers building Java applications. Spring is one of the most popular development platforms on the market, with a popularity rating of 82.7%.
Why it matters
Thus far, no one has found evidence that this is extremely widespread, but it is affecting businesses. Although severity levels are high, Spring4Shell only impacts non-default usage of Spring Core. Categorically, it is not like Log4Shell.
The Apache Log4j logging software, which was affected by the Log4Shell vulnerability, was enmeshed in countless applications and services that were vulnerable by default. Spring4Shell vulnerabilities are not vulnerable by default.
The Spring4Shell RCE vulnerability, which is tracked as CVE-2022-22965, affects JDK 9 or higher and has several additional requirements in order for it to be exploited, according to an official Spring blogpost.
Additional actionable insights
Check Point is seeing exploit attempts against the following vulnerabilities among customers in the US and in Europe:
- CVE-2022-22947– official VMware post
- CVE-2022-22963– official Spring project post
- CVE-2022-22965– official Spring project post
How organizations should respond
Organizations using Java Spring should immediately review their software and update to the latest versions by following the official Spring project guidance.
Despite the fact that the risk associated with this vulnerability is thought to be much more minimal than that associated with Log4j, attackers could still identify creative means of leveraging the vulnerability; especially in terms of modalities beyond the expected range.
Avoid discounting this vulnerability. Take action around analysis and known application vulnerabilities.
Advanced vulnerability protection
Check Point CloudGuard AppSec provides pre-emptive protection against exploits of the above CVE. No software update is required.
To ensure that you are protected by CloudGuard AppSec, the only thing you need to do is to make sure that the Web Application or Web API Best Practice of your Asset is set to the Default Prevent Mode. No updates or other settings are needed.
For more information about Spring4Shell, click here.
Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.