Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This remote code execution (RCE) vulnerability is well known, and public exploit code is available. An unauthenticated attacker could gain complete control of a device, steal sensitive information, or launch additional attacks on the network.
Kill Chain
Risk Score
92
Spring is a popular open source Java development framework often deployed on Apache Tomcat. Changes to the Class object in JDK 9 created a vulnerability in the Spring Framework where class objects are exposed and can be manipulated to enable remote command execution (RCE).
The vulnerability, referred to as Spring4Shell, enables an attacker to leverage class object properties to access and manipulate other valuable objects on the system. An attacker can exploit this vulnerability by sending a specially designed HTTP request that creates a malicious file on an Apache Tomcat server and then send a request to run that file. For example, an attacker can bind new property values to an Apache Tomcat logging object that directs the access log to write a web shell into the webroot.
Upgrade Spring Framework to version 5.3.18 or 5.2.20
Configure a web application firewall (WAF) to filter strings such as "class.*", "Class.*", "*.class.*", and "*.Class.*" in a way that does not impact normal operations
