Spring4Shell: Day 1 Update and Insights

BLOG IN Threat Intelligence BY
Neil Weitzel
PUBLISHED ON March 31, 2022
LAST UPDATED April 8, 2022

As we reported yesterday, ThreatX deployed to production a ruleset to protect against Spring4Shell exploits. Since then, the ThreatX SOC has been monitoring for hits against the rule. We have seen some matches, though volume has been relatively low.

In terms of Spring4Shell more generally, early this morning BST, Spring publicly acknowledged the vulnerability. Details are available in a Spring blog: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement.

At this point, there is still no CVE for Spring4Shell; once available, we will have greater clarity regarding the relative prioritization of this vulnerability.

A few key takeaways from the Spring blog follow. It is important to know that, unlike the Log4J vulnerability, which impacted anyone with that Apache logging library deployed, Spring4Shell will impact organizations under the following scenarios:

  • JDK9 or higher in use
  • Running on Apache Tomcat as the servlet container
  • Packaged as WAR

In addition, Spring released a full remediation path for those impacted. In the meantime, ThreatX customers can rely on our platform as a threat mitigation capability while steps are taken to enable remediation (e.g., change management and regression testing).

As always, we encourage customers to reach out to the ThreatX SOC with any questions or support required to address Spring4Shell at support@threatx.com.

Originally posted 5:50 pm ET on March 30, 2022

ThreatX Response to Spring4Shell

On March 29, 2022, Spring disclosed a zero-day vulnerability – Spring4Shell. A widely used Java framework, Spring is found within many web applications. If exploited, this vulnerability could enable unauthenticated remote code execution (RCE) by attackers. This is considered a priority vulnerability that should be addressed immediately in Java applications that leverage Spring Core.

Bottom line:  Spring Core is vulnerable to RCE.

Upon disclosure, the ThreatX SOC developed and deployed to production a ruleset to protect against Spring4Shell exploits. All ThreatX client sensors are leveraging these precise rules to protect our customers while preventing false positives.

ThreatX has additional rules deployed to specific customers that are particularly at risk of a Spring4Shell exploit. If you feel you are at risk, reach out to the ThreatX SOC to obtain this specific ruleset.

The ThreatX SOC will continue testing against known payloads and monitoring the progression of the Spring4Shell exploit.

We encourage customers to reach out to the ThreatX SOC with any questions or support required to address Spring4Shell at support@threatx.com.

About the Author
Neil Weitzel

A results-driven cybersecurity leader, Neil Weitzel is dedicated to empowering organizations through robust security strategies. With over 15 years of experience leading security programs and teams, Neil possesses a unique ability to align security initiatives with business goals. As the current Director of Security Operations at ThreatX, he excels at identifying and mitigating risks, ensuring business continuity and resilience. Neil's track record includes successful leadership roles at Cognizant, Synopsys, and Cygilant, where he consistently built and strengthened security postures. An active thought leader, Neil is a frequent speaker and adjunct lecturer, contributing to the cybersecurity community's growth and development.

ThreatX

Related Content

BLOG

If all you have is a hammer…

VIEW MORE
BLOG

Top 4 Malicious Automation Attacks & How to Detect Them

VIEW MORE
BLOG

The Evolving MyloBot Botnet

VIEW MORE