Vulnerability

Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965

Mar 31, 2022 By Daniel Elkabes In Mend

Overview The internet is abuzz with the disclosure of CVE-2022-22965, an RCE vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Known as “Spring4Shell” or “SpringShell”, the zero-day vulnerability has triggered widespread concern about the possibility of a wave of malicious attacks targeting vulnerable applications. Is this Log4j 2.0?

Read Post

Mend

Read more about Spring4Shell Zero-Day Vulnerability: Information and Remediation for CVE-2022-22965

Trustwave's Action Response: CVE-2022-22965 and CVE-2022-22963

Mar 31, 2022 By Trustwave In Trustwave

Trustwave security and engineering teams are actively investigating the vulnerabilities CVE-2022-22965 (also referenced by other vendors at Spring4Shell / SpringShell) and CVE-2022-22963 and potential exploits. We are diligently watching over our clients for exposure and associated attacks and are taking action with approved mitigation efforts. At this time, Trustwave infrastructure and products have not been adversely affected by the vulnerability / exploits.

Read Post

Trustwave

Read more about Trustwave's Action Response: CVE-2022-22965 and CVE-2022-22963

Detecting Spring4Shell 0-day Vulnerability Using Devo (updated 4/7/22)

Mar 31, 2022 By By The Devo Security Team In Devo

Editor’s note: Latest update, April 6, 2022, 7:30 p.m. U.S. EDT — This post now includes an example query to aid SOC teams in generating alerts for their specific WAF data sources. See the section “Create New Web Application Firewall (WAF) Rules” for details. A critical zero-day vulnerability in Java’s popular Spring Core Framework is being actively targeted, according to multiple reports submitted to Bleeping Computer.

Read Post

Devo

Read more about Detecting Spring4Shell 0-day Vulnerability Using Devo (updated 4/7/22)

Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell

Mar 31, 2022 By Stefano Chierici In Sysdig

After the Spring cloud vulnerability reported yesterday, a new vulnerability called Spring4shell CVE-2022-22965 was reported this time on the very popular Java framework Spring Core on JDK9+. The vulnerability is always a remote code execution (RCE) which would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Read Post

Sysdig

Read more about Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell

This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Mar 31, 2022 By Snyk In Snyk

Welcome to This Week in VulnDB, Each episode we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.

View Video

Snyk

Read more about This Week in VulnDB - highlight on sprint4shell and dep supply chain vulnerability

Spring Framework Remote Code Execution (CVE-2022-22965)

Mar 31, 2022 By The Veracode Research Team In Veracode

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework. There is also a dedicated CVE 2022-22965 assigned to this vulnerability. We will keep this blog updated as new information comes up.

Read Post

Veracode

Read more about Spring Framework Remote Code Execution (CVE-2022-22965)

Vulnerability Management - Intro to Torq Webinar

Mar 31, 2022 By Torq In Torq

As recent vulnerabilities like log4j have shown, having a standardized approach to identifying vulnerabilities and applying patches is essential to organizations looking to keep their systems safe from exploits. Whether it's preventative maintenance or responding to new 0-days, a continuous vulnerability management program ensures that security teams can rapidly identify risks and work cross-functionally to deploy patches and verify successful remediation.

View Video

Torq

Read more about Vulnerability Management - Intro to Torq Webinar

Veracode Product Update

Mar 31, 2022 By Veracode In Veracode

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

View Video

Veracode

Read more about Veracode Product Update

SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know

Mar 31, 2022 By Shachar Menashe In JFrog

On March 29th, the cyberkendra security blog posted a sensational post about a Log4Shell-equivalent zero-day vulnerability in Spring Framework, but without any solid details about the vulnerability itself.

Read Post

JFrog

Read more about SpringShell (Spring4Shell) Zero-Day Vulnerability CVE-2022-22965 : All You Need To Know

Using the Snyk Vulnerability Database to find projects for The Big Fix

Mar 30, 2022 By DeveloperSteve In Snyk

As developers, we all have our morning startup routine: make coffee, check Slack/Discord/email, read the latest news. One thing I do as part of my daily startup routine is check the Snyk Vulnerability Database for the latest open source vulnerabilities. It’s been especially interesting to see the types of exploits and vulnerabilities that appear in different ecosystems.

Read Post