
The zero-day vulnerability allows remote code execution.

A new zero-day vulnerability in the Spring Core Java framework, dubbed 'Spring4Shell', has been publicly disclosed, according to a report in Bleeping Computer. The vulnerability allows unauthenticated remote code execution on applications built with the framework.

Spring is a very popular application framework that lets software developers quickly build Java applications with enterprise-level features. Those applications are then deployed to servers such as Apache Tomcat, or shipped as stand-alone packages that bundle all of their required dependencies.
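The first thing a security team needs when a framework-level RCE lands is an inventory: which deployed artifacts actually bundle Spring Core? The script below is an added example (not code from the article or from the Spring project). It walks a deployment directory such as Tomcat's webapps/, opens each WAR or executable JAR, and reports every embedded spring-*.jar with its version, reading the version from the nested jar's MANIFEST.MF and falling back to the filename. The in-memory sample WAR, the version numbers inside it and the `LIB_DIRS` layout list are constructed assumptions for the demonstration; the script reports what is present and makes no claim about which versions are affected.

```python
"""Inventory Spring Framework jars bundled inside deployed Java artifacts.

Added example for this article; it is not code from the article or from the
Spring project. It opens WAR files (WEB-INF/lib/) and Spring Boot executable
jars (BOOT-INF/lib/), finds nested spring-*.jar libraries and reports their
module and version. It reports what is deployed; it does not decide which
versions are affected.
"""
import io
import re
import sys
import zipfile
from pathlib import Path

# Library directories inside a WAR and inside a Spring Boot executable jar (assumed layouts).
LIB_DIRS = ("WEB-INF/lib/", "BOOT-INF/lib/")

# Matches names such as spring-core-5.3.17.jar or spring-beans-5.3.17.RELEASE.jar.
SPRING_JAR_RE = re.compile(
    r"^(?P<module>spring-[a-z-]+?)-(?P<version>\d+(?:\.\d+)*(?:[.-][A-Za-z0-9]+)*)\.jar$"
)


def manifest_version(jar_bytes: bytes):
    """Return Implementation-Version from a nested jar's MANIFEST.MF, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in text.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def inventory_artifact(artifact) -> list:
    """List Spring jars embedded in one WAR/JAR given as a path or file object."""
    found = []
    with zipfile.ZipFile(artifact) as outer:
        for info in outer.infolist():
            name = info.filename
            lib_dir = next((d for d in LIB_DIRS if name.startswith(d)), None)
            if lib_dir is None:
                continue
            m = SPRING_JAR_RE.match(name[len(lib_dir):])
            if not m:
                continue
            # Trust the manifest over the filename; fall back when it is missing.
            version = manifest_version(outer.read(name)) or m["version"]
            found.append({"entry": name, "module": m["module"], "version": version})
    return found


def inventory_bytes(data: bytes) -> list:
    """Same as inventory_artifact, for an artifact already held in memory."""
    return inventory_artifact(io.BytesIO(data))


def scan_tree(root) -> dict:
    """Inventory every .war/.jar under a directory (e.g. Tomcat's webapps/)."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".war", ".jar"):
            try:
                hits = inventory_artifact(path)
            except zipfile.BadZipFile:
                continue  # not a zip archive; skip it
            if hits:
                results[str(path)] = hits
    return results


def _jar(impl_version=None) -> bytes:
    """Build a minimal nested jar in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        manifest = "Manifest-Version: 1.0\n"
        if impl_version:
            manifest += f"Implementation-Version: {impl_version}\n"
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()


def build_sample_war() -> bytes:
    """Construct a sample WAR: two Spring jars plus an unrelated library (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/spring-core-5.3.17.jar", _jar("5.3.17"))
        war.writestr("WEB-INF/lib/spring-beans-5.3.17.jar", _jar())  # no manifest version
        war.writestr("WEB-INF/lib/commons-io-2.11.0.jar", _jar("2.11.0"))
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for artifact, hits in scan_tree(sys.argv[1]).items():
            for h in hits:
                print(f"{artifact}: {h['module']} {h['version']} ({h['entry']})")
    else:
        for h in inventory_bytes(build_sample_war()):
            print(f"sample.war: {h['module']} {h['version']} ({h['entry']})")
```

Run it with a directory argument (for example the Tomcat webapps/ directory) to inventory real deployments; with no argument it inventories the constructed sample WAR. The manifest is preferred over the filename because repackaged or shaded jars are sometimes renamed while their MANIFEST.MF still carries the original version.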

Yesterday, a new Spring Cloud Function vulnerability tracked as CVE-2022-22963 was disclosed, with proof-of-concept exploits soon to follow. Separately, information about a more critical Spring Core remote code execution vulnerability later began circulating on the QQ chat service and on a Chinese cybersecurity site.

On Thursday, an exploit for this zero-day vulnerability was briefly leaked and then removed, but not before cybersecurity researchers had downloaded the code. Since then, numerous cybersecurity researchers and security firms have confirmed that the vulnerability is valid and of significant concern.

“What made log4j such a problem is that it is often installed on appliances and other ‘headless’ devices that are not maintained by the end customer,” John Bambenek, principal threat hunter at information technology service management company Netenrich, told SiliconANGLE. “It is unclear how true this will be for Spring, but any RCE issue should go straight to the top of the pile for security teams to address.”

This could be the new Log4Shell

Because Spring is so widely used in Java applications, there is significant concern that this could lead to widespread attacks as threat actors scan for vulnerable apps.

Because exploitation requires only a single HTTP POST request to a vulnerable app, threat actors will be able to write scripts that scan the Internet and automatically exploit vulnerable servers.

Threat actors can use these exploits to execute commands on the server, giving them full remote access to the host.
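The article gives no request signature for the bug, only that exploitation is a single HTTP POST and that attackers will script Internet-wide scans. The following is an added example (not code from the article) of a detection that keys on that scanning shape rather than on any payload string: a source that POSTs to many distinct paths on a host within a short window is behaving like a mass-exploitation scanner, whatever the payload. The log lines are constructed samples in Common Log Format, and the five-minute window and five-path threshold are assumed tuning values.

```python
"""Flag sources that POST to many distinct paths in a short window.

Added example for this article, not code from the article. It looks for the
scanning shape (one source, many distinct POST targets, little time) in
access logs instead of matching a payload. The sample log lines are
constructed; the window and threshold are assumptions to tune per site.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format as written by Tomcat's AccessLogValve (pattern "common") or Apache httpd.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line: str):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # ignore query strings when counting targets
        "status": int(m["status"]),
    }


def find_post_scanners(lines, window=timedelta(minutes=5), min_paths=5):
    """Return {ip: sorted distinct POST paths} for sources that POST to at least
    min_paths distinct paths inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["method"] == "POST":
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(events):
            # Slide the window start forward until the span covers at most `window`.
            while ev["ts"] - events[start]["ts"] > window:
                start += 1
            distinct = {e["path"] for e in events[start:end + 1]}
            if len(distinct) >= min_paths:
                flagged[ip] = sorted({e["path"] for e in events})
                break
    return flagged


# Constructed sample: one source sweeping many endpoints, one user logging in repeatedly.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Mar/2022:10:00:01 +0000] "POST /app/ HTTP/1.1" 404 -',
    '203.0.113.7 - - [31/Mar/2022:10:00:02 +0000] "POST /shop/ HTTP/1.1" 404 -',
    '203.0.113.7 - - [31/Mar/2022:10:00:03 +0000] "POST /api/ HTTP/1.1" 200 12',
    '203.0.113.7 - - [31/Mar/2022:10:00:04 +0000] "POST /admin/ HTTP/1.1" 403 -',
    '203.0.113.7 - - [31/Mar/2022:10:00:05 +0000] "POST /portal/ HTTP/1.1" 200 33',
    '203.0.113.7 - - [31/Mar/2022:10:00:06 +0000] "POST /user/ HTTP/1.1" 500 -',
    '198.51.100.4 - - [31/Mar/2022:10:01:00 +0000] "POST /app/login HTTP/1.1" 302 -',
    '198.51.100.4 - - [31/Mar/2022:10:01:30 +0000] "POST /app/login HTTP/1.1" 302 -',
    '198.51.100.4 - - [31/Mar/2022:10:02:00 +0000] "POST /app/login HTTP/1.1" 200 -',
    '198.51.100.4 - - [31/Mar/2022:10:02:10 +0000] "GET /app/home HTTP/1.1" 200 812',
    'garbage line that should be ignored',
]


if __name__ == "__main__":
    for ip, paths in find_post_scanners(SAMPLE_LOG).items():
        print(f"{ip}: POSTed to {len(paths)} distinct paths: {', '.join(paths)}")
```

The heuristic deliberately ignores status codes: a scanner sweeping for a framework bug collects 404s and 403s as well as 200s, and a successful hit may look like any other request. Feed it a real log with `find_post_scanners(open(path))` and tune the window and threshold against normal traffic for the host before alerting on it.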

Tip: Read all about Log4j/Log4Shell here.