Java Spring framework vulnerability 30th March, 2022
A few days ago, a bug was discovered in the Java Spring framework that allows remote exploitation of the framework.
It is referred to as “SpringShell” exploitation.
You can spot it by looking for HTTP requests (either GET or POST) that contain something like:
class.module.classLoader.Urlz[a]=a
Recommendation:
- check your app and server logs
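One way to do that log check, as an added example that is not part of the original post: a Python scan that percent-decodes each logged request and flags any that carry the parameter prefix shown above. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Parameter-name prefix from the post, matched case-insensitively.
MARKER_RE = re.compile(r'class\.module\.classloader', re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %2E and %252E forms are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(lines):
    """Return (line_number, method, decoded_target) for each matching request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        # Fall back to the whole line for application logs without a request line.
        method = match.group("method") if match else "?"
        target = match.group("target") if match else line
        decoded = decode_fully(target)
        if MARKER_RE.search(decoded):
            hits.append((number, method, decoded))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Mar/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [31/Mar/2022:10:00:05 +0000] "GET /app?class.module.classLoader.Urlz[a]=a HTTP/1.1" 400 0',
    '192.0.2.44 - - [31/Mar/2022:10:00:07 +0000] "POST /app?class%2Emodule%2EclassLoader%2EUrlz%5Ba%5D=a HTTP/1.1" 400 0',
    '192.0.2.12 - - [31/Mar/2022:10:00:09 +0000] "GET /docs?topic=classLoader HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, method, target in find_suspicious(SAMPLE_LOG):
        print(f"line {number}: {method} {target}")
```

Standard access logs record only the request line, so parameters sent in a POST body appear only where the application or a proxy logs request bodies.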
More information:
- https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
- https://www.springcloud.io/post/2022-03/spring-framework-rce-early-announcement/#gsc.tab=0
- https://cybersecurityworks.com/blog/vulnerabilities/spring4shell-the-next-log4j.html