Share This:

Threat Update

Security professionals have identified a new zero-day vulnerability in the Spring Framework, an application development framework for Java. This vulnerability (tracked as CVE-2022-22965) can allow attackers to execute unauthenticated remote code. Spring has released Spring Framework versions 5.3.18 and 5.2.20 which addresses this vulnerability, and Barracuda MSP’s SOC recommends updating as soon as possible.

Technical Detail & Additional Information

WHAT IS THE THREAT?

A remote code execution vulnerability currently exists in the Spring Framework. It allows attackers to perform unauthenticated remote code execution attacks. The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+ on any Spring Framework version that is prior to 5.2.20 and 5.3.18.

WHY IS IT NOTEWORTHY?

Spring is a widely utilized application development framework for Java, and many applications both enterprise and personal could be at risk. Internet-exposed applications should be updated to fix versions as soon as possible to stop attackers from detecting vulnerable applications with a simple scan and from exploiting this vulnerability by sending a specially crafted HTTP request.

WHAT IS THE EXPOSURE OR RISK?

Spring MVC or Spring WebFlux applications running on JDK 9+ can be vulnerable against this remote code execution via the data binding. Data Binding allows user input to be dynamically bound to the domain model of an application. When exploited, this vulnerability can allow attackers to execute arbitrary code on targeted systems.

WHAT ARE THE RECOMMENDATIONS?

Barracuda MSP’s SOC recommends the following actions to help mitigate this threat:

  • Upgrade to Spring Framework version 5.3.18 and 5.2.20
  • For affected applications, monitor process execution and application logs for anomalous behaviour
  • If you don’t have a Web Application Firewalls (WAF) deployed in front an affected Spring-based applications, consider deploying a WAF as many WAF vendors will publish definition to help protect against such attack.

REFERENCES

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.


Share This:

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Leave a reply

Your email address will not be published.