WAF mitigation for Spring Framework RCE CVE-2022-22965

Vulnerability

Spring Framework is an open source lightweight J2EE application development Framework, which provides IOC, AOP, MVC and other functions. Spring Framework can solve the common problems encountered in the development of programmers, and improve the convenience of application development and software system construction efficiency.

The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit.

These are the requirements for the specific scenario from the report:

JDK 9 or higher

Apache Tomcat as the Servlet container

Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)

spring-webmvc or spring-webflux dependency

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions

However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.

Vulnerability Details:

Vulnerability level: High Risk

Affected version:
Spring Framework 5.3.x < 5.3.18
Spring Framework 5.2.x < 5.2.20

Security version:
Spring Framework = 5.3.18
Spring Framework = 5.2.20

Suggested Workarounds

Upgrade the Spring Framework to 5.3.18, 5.2.20 or later versions

CDNetworks Deployed New Rules to Mitigate Spring Framework RCE

CDNetworks security team responded immediately to this high-risk vulnerability, and deployed the new WAF rules (9801,9802,9803) for CDNetworks’ systems and products to mitigate the Zero Day CVE on March 31.2022.

Any customer who currently is using Application Shield or Web Application Firewall will receive updates of new rules (9801,9802,9803) and enable Block Mode on CDNetworks’ portal to detect CVE-2022-22965 exploit attempts and mitigate this Zero Day CVE.

Rule ID

Rule Name

Attack Type

Action

9803

Spring4shell_3

3rd Party Component Exploit

Block

9802

Spring4shell_2

3rd Party Component Exploit

Block

9801

Sping4shell_1

3rd Party Component Exploit

Block

Cloud Security

WP Fastest Cache Plugin and its Vulnerability to SQL Injection (CVE-2023-6063)

WP Fastest Cache is a WordPress caching plugin designed to accelerate page loading and enhance visitor experience with the goal of and improving website rankings on search engine results pages, notably, Google. According to WordPress.org,

Web Performance

How Does a CDN Work?

The most significant factor driving the growth of the content delivery network market is end user interaction with online content. This interaction between a user and online content is far more complex today than it

State of Web Application & API Protection

Object Storage Enables Effortless Migration of Game Packages

Global To China Solutions

eBook for Travel Industry

Entertaiment Live Streaming Solution

WAF mitigation for Spring Framework RCE CVE-2022-22965

Contents

Try CDNetworks For Free

Share This Post

Vulnerability

Vulnerability Details:

Suggested Workarounds

CDNetworks Deployed New Rules to Mitigate Spring Framework RCE

More To Explore

WP Fastest Cache Plugin and its Vulnerability to SQL Injection (CVE-2023-6063)

How Does a CDN Work?

Featured Products

Solutions

Blog

Resources