
DETECTION OVERVIEW

Spring Cloud Gateway Exploit Attempt - CVE-2022-22947

Risk Factors

This code injection vulnerability is well known, and public exploit code is available. An unauthenticated attacker could gain complete control of a device, steal sensitive information, or launch additional attacks on the network.

Kill Chain

Exploitation

Risk Score

94


Attack Background

Spring is a common open-source Java development framework often deployed on Apache Tomcat. Spring Cloud Gateway is an API library that provides a framework for developing API gateways for Java web applications. Spring Cloud Gateway has a code injection vulnerability when the Gateway Actuator endpoint is enabled. The attacker sends an HTTP POST request to the vulnerable endpoint, /actuator/gateway/routes, with a malicious Java command sequence in the request body. The Spring server then runs the malicious command.
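The request pattern described above can also be hunted for in web access logs. The following Python sketch is an added example, not ExtraHop or Spring code. It assumes combined-format access logs from a proxy in front of the gateway, uses constructed sample lines, and treats sub-paths of /actuator/gateway/routes as in scope, which goes slightly beyond the single path named above.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2022:10:01:02 +0000] "GET /actuator/health HTTP/1.1" 200 15
198.51.100.7 - - [10/Mar/2022:10:01:05 +0000] "POST /actuator/gateway/routes/r1 HTTP/1.1" 201 0
203.0.113.9 - - [10/Mar/2022:10:02:00 +0000] "POST /actuator//gateway/%72outes/x?a=1 HTTP/1.1" 404 0
192.0.2.4 - - [10/Mar/2022:10:03:00 +0000] "POST /api/orders HTTP/1.1" 200 41
192.0.2.4 - - [10/Mar/2022:10:03:30 +0000] "GET /actuator/gateway/routes HTTP/1.1" 200 2
"""

ROUTES_PATH = "/actuator/gateway/routes"  # endpoint named in the detection text
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, percent-decode once, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def find_route_posts(log_text):
    """Return one record per POST aimed at the gateway routes endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = normalize_path(m["target"])
        if path == ROUTES_PATH or path.startswith(ROUTES_PATH + "/"):
            status = int(m["status"])
            # Assumption: a 2xx status means the endpoint is enabled and took the request.
            hits.append({"src": m["src"], "time": m["ts"], "path": path,
                         "status": status, "accepted": 200 <= status < 300})
    return hits

def hits_by_source(hits):
    """Count matching requests per client address for triage."""
    return Counter(h["src"] for h in hits)

if __name__ == "__main__":
    for hit in find_route_posts(SAMPLE_LOG):
        print(hit)
```

Records with accepted set to True deserve the first look, because they indicate the actuator endpoint is reachable and responded with success.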

Mitigation Options

Upgrade Spring Cloud Gateway to version 3.0.7, 3.1.1, or later

MITRE ATT&CK ID
