
CVE-2022-22965 PoC: Spring Framework Code Injection Vulnerability

Source
Associated Vulnerability
Title: Spring Framework Code Injection Vulnerability (CVE-2022-22965)
Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Description
Spring4Shell proof of concept and vulnerable application for CVE-2022-22965
Readme
# Spring4Shell-POC (CVE-2022-22965)

![Spring4Shell](spring4shell.png)

![Docker Build](https://github.com/BobTheShoplifter/Spring4Shell-POC/actions/workflows/docker-publish.yml/badge.svg) ![Docker App Build](https://github.com/BobTheShoplifter/Spring4Shell-POC/actions/workflows/app-docker-publish.yml/badge.svg) ![Stars](https://img.shields.io/github/stars/BobTheShoplifter/Spring4Shell-POC?style=social) ![Docker Run](https://img.shields.io/github/followers/BobTheShoplifter?label=Follow&style=social)

Spring4Shell (CVE-2022-22965) proof of concept and information, plus [a vulnerable Tomcat server running a Spring4Shell-vulnerable application](vulnerable-tomcat/).

Early this morning, multiple sources reported a possible RCE exploit in the popular Java framework Spring.

The name of this flaw comes from its similarity to the infamous Log4j vulnerability, Log4Shell.

## Details about this vulnerability

- [https://websecured.io/blog/624411cf775ad17d72274d16/spring4shell-poc](https://websecured.io/blog/624411cf775ad17d72274d16/spring4shell-poc)
- [https://www.springcloud.io/post/2022-03/spring-0day-vulnerability](https://www.springcloud.io/post/2022-03/spring-0day-vulnerability)
- [https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement](https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)

## POC Usage

The usage is simple: you can either run the Docker image or run the Python script directly.

See the [vulnerable-tomcat](vulnerable-tomcat/) directory for instructions on setting up your own Spring4Shell-vulnerable application.

### Requirements

- Python3 or [Docker](https://hub.docker.com/r/bobtheshoplifter/spring4shell-poc)

### Python

```sh
pip install -r requirements.txt
python3 poc.py --help
```

![image](https://user-images.githubusercontent.com/22559547/161398549-05d279b2-51d6-49fb-9245-018747606321.png)

### Docker

```sh
## Dockerhub
docker pull bobtheshoplifter/spring4shell-poc:latest
docker run bobtheshoplifter/spring4shell-poc:latest --url https://example.io/
## Github docker repository
docker pull ghcr.io/bobtheshoplifter/spring4shell-poc:main
docker run ghcr.io/bobtheshoplifter/spring4shell-poc:main --url https://example.io/
```

![image](https://user-images.githubusercontent.com/22559547/161400099-fb6c4f02-9d48-457a-8c91-041a9a8438b7.png)

## Vulnerable Tomcat server

I have now made a Docker image for this, which includes a vulnerable Spring + Tomcat application.

The application should be enough to test this vulnerability.

[Please see (vulnerable-tomcat/README.md)](vulnerable-tomcat/README.md)

## Mitigations

!!(The following mitigations were only theoretical when first written, as nothing had been confirmed. The Spring advisory quoted at the top of this page has since confirmed the JDK 9+ and Tomcat WAR deployment prerequisites.)!!

### JDK Version under 9

Cyberkendra informed that JDK versions lower than JDK 9

You can easily check this by running

```sh
java -version
```

That will display something similar to this

```sh
openjdk version "17.0.2" 2022-01-18
OpenJDK Runtime Environment (build 17.0.2+8-Ubuntu-120.04)
OpenJDK 64-Bit Server VM (build 17.0.2+8-Ubuntu-120.04, mixed mode, sharing)
```

If your JDK major version is below 9 (for example a `1.8.0_xxx` release), you might be safe from the known exploit, but nothing is confirmed yet.

This article will be updated as more information becomes available.

### Check if you are using the spring framework

Do a global search for `spring-beans*.jar` and `spring*.jar`:

```sh
# quote the patterns so the shell does not expand them against the current directory
find . -name 'spring-beans*.jar'
find . -name 'spring*.jar'
```
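The two manual checks above (JDK major version, and which `spring-beans` jar a deployment ships) can be scripted. The following is an added example written for this page, not code from the Spring4Shell-POC repository: it parses the first line of `java -version` (both the legacy `1.8.0_xxx` scheme and the `17.0.2` scheme), extracts the version from `spring-beans-<version>.jar` file names, and compares it with the patched releases. Its assumptions are the fixed-version thresholds (Spring Framework 5.3.18 and 5.2.20, taken from the Spring announcement linked above; 5.1 and older lines are treated as unpatched), the `spring-beans-<version>.jar` naming convention, and the `SPRING4SHELL_LIVE` / `SPRING4SHELL_ROOT` environment variables, which are introduced here. `demo_scan` builds a constructed directory of empty, deliberately named jar files so the scan runs offline.

```sh
#!/bin/sh
# Added example for this page, not code from the Spring4Shell-POC repository.
# Scripts the two manual checks above: is the JDK 9 or newer, and does a
# deployment ship a spring-beans jar older than the patched releases?
# Assumptions: patched releases are Spring Framework 5.3.18 and 5.2.20
# (per the Spring announcement linked above); jars are named
# spring-beans-<version>.jar; the 5.1 and 4.x lines are treated as unpatched.

# Print the JDK major version found in a `java -version` first line.
# 'java version "1.8.0_312"' -> 8, 'openjdk version "17.0.2"' -> 17,
# 'openjdk version "9-Ubuntu"' -> 9.  Prints nothing if no version is found.
jdk_major() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p')
    case "$v" in
        1.*) v=${v#1.} ;;            # legacy 1.x scheme: 1.8.0_312 -> 8.0_312
    esac
    printf '%s\n' "$v" | sed 's/[^0-9].*$//'
}

# True (exit 0) when the JDK is 9 or newer, i.e. the exploit's prerequisite.
jdk_affected() {
    m=$(jdk_major "$1")
    [ -n "$m" ] && [ "$m" -ge 9 ]
}

# Extract "5.3.17" from a path like .../spring-beans-5.3.17.RELEASE.jar.
spring_beans_version() {
    basename "$1" | sed -n 's/^spring-beans-\([0-9]*\.[0-9]*\.[0-9]*\).*\.jar$/\1/p'
}

# True (exit 0) when a spring-beans version already contains the fix.
spring_version_fixed() {
    major=$(printf '%s\n' "$1" | cut -d. -f1)
    minor=$(printf '%s\n' "$1" | cut -d. -f2)
    patch=$(printf '%s\n' "$1" | cut -d. -f3)
    patch=${patch:-0}
    [ "$major" -gt 5 ] && return 0           # 6.x and later shipped fixed
    [ "$major" -lt 5 ] && return 1           # 4.x: out of support, unpatched
    case "$minor" in
        3) [ "$patch" -ge 18 ] ;;            # 5.3.18 is the first fixed 5.3
        2) [ "$patch" -ge 20 ] ;;            # 5.2.20 is the first fixed 5.2
        *) [ "$minor" -gt 3 ] ;;             # 5.1 and older: unpatched
    esac
}

# Walk a directory, print "<STATUS> <version> <path>" per spring-beans jar
# and return 0 when at least one VULNERABLE jar was found.
scan_spring_jars() {
    found=1
    while IFS= read -r jar; do
        [ -n "$jar" ] || continue
        ver=$(spring_beans_version "$jar")
        if [ -z "$ver" ]; then
            printf 'UNKNOWN ? %s\n' "$jar"    # no version in the name: inspect by hand
        elif spring_version_fixed "$ver"; then
            printf 'FIXED %s %s\n' "$ver" "$jar"
        else
            printf 'VULNERABLE %s %s\n' "$ver" "$jar"
            found=0
        fi
    done <<EOF
$(find "$1" -name 'spring-beans*.jar' 2>/dev/null)
EOF
    return $found
}

# Constructed sample tree so the scan can run offline: empty files whose
# names are the only thing that matters.  Returns scan_spring_jars' status.
demo_scan() {
    d=$(mktemp -d)
    mkdir -p "$d/app1/WEB-INF/lib" "$d/app2/WEB-INF/lib"
    : > "$d/app1/WEB-INF/lib/spring-beans-5.3.18.jar"           # patched
    : > "$d/app2/WEB-INF/lib/spring-beans-5.2.19.RELEASE.jar"   # vulnerable
    : > "$d/app2/WEB-INF/lib/spring-beans-custom.jar"           # no version in name
    if scan_spring_jars "$d"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}

# Live run against this host (assumed env vars: set SPRING4SHELL_LIVE=1;
# SPRING4SHELL_ROOT is where your WAR deployments live, default /opt).
if [ "${SPRING4SHELL_LIVE:-0}" = 1 ]; then
    first=$(java -version 2>&1 | head -n 1)     # java -version prints to stderr
    if jdk_affected "$first"; then
        echo "JDK major version $(jdk_major "$first"): exploit prerequisite met"
    else
        echo "JDK below 9 (or no java on PATH): the known exploit does not apply"
    fi
    scan_spring_jars "${SPRING4SHELL_ROOT:-/opt}"
fi
```

A jar whose name carries no version is reported as UNKNOWN rather than silently skipped, because a renamed or shaded jar is exactly the case a version-string check misses; open its `META-INF/MANIFEST.MF` by hand. A JDK below 9 only defeats the known exploit, not the underlying data-binding weakness, so the jar check still matters on older runtimes.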

POC translated from this repository: https://github.com/craig/SpringCore0day/blob/main/exp.py
File Snapshot

```
[4.0K] /data/pocs/95efe438e3332060d814f121c352b67c07990883
├── [ 130] Dockerfile
├── [3.6K] poc.py
├── [3.4K] README.md
├── [  26] requirements.txt
├── [ 10K] spring4shell.png
└── [4.0K] vulnerable-tomcat
    ├── [ 133] Dockerfile
    ├── [2.7K] README.md
    ├── [ 22K] spring4shellapplication.png
    ├── [ 18M] spring-form.war
    └── [4.0K] spring-war
        ├── [ 505] build.gradle
        ├── [4.0K] gradle
        │   └── [4.0K] wrapper
        │       └── [ 200] gradle-wrapper.properties
        ├── [5.6K] gradlew
        ├── [2.6K] gradlew.bat
        ├── [9.7K] mvnw
        ├── [6.2K] mvnw.cmd
        ├── [1.6K] pom.xml
        ├── [  33] settings.gradle
        └── [4.0K] src
            ├── [4.0K] main
            │   ├── [4.0K] java
            │   │   └── [4.0K] com
            │   │       └── [4.0K] example
            │   │           └── [4.0K] handlingformsubmission
            │   │               ├── [ 682] GreetingController.java
            │   │               ├── [ 330] Greeting.java
            │   │               └── [ 481] HandlingFormSubmissionApplication.java
            │   └── [4.0K] resources
            │       └── [4.0K] templates
            │           ├── [ 560] greeting.html
            │           └── [ 400] result.html
            └── [4.0K] test
                └── [4.0K] java
                    └── [4.0K] com
                        └── [4.0K] example
                            └── [4.0K] handlingformsubmission
                                └── [1.9K] HandlingFormSubmissionApplicationTest.java

17 directories, 23 files
```