VMWare Spring4Shell Vulnerability
Public 0-day exploit allows remote code execution
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
A remote code execution vulnerability exists in Spring Framework with JDK version 9 due to an insecure deserialization exploit. The exploit is based on insufficient validation of input that an attacker can perform a remote code execution. Spring is encouraging customers to upgrade to Spring Framework 5.3.18 and 5.2.20 or follow the suggested workarounds.
Background
Spring Framework is the most popular Java lightweight open-source framework which allows simplification of the software development cycle of any Java-based enterprise applications. More backround is available in the FortiGuard Threat Signal at
Announced
March 30, 2022: Spring announced a 0-day vulnerability on their Spring Framework with JDK9. March 30, 2022: A tech news site Cyber Kendra provided vulnerability details and investigation. March 31, 2022: Thousands of SecNews site picked up and re-announced the critical vulnerability.
Latest Developments
March 31, 2022: Spring published a blog on details, workaround and solution of the vulnerability. FortiGuard is seeing active exploitation of the vulnerability. The telemetries can be viewed at:
arrow_icon
PROTECT

Countermeasures across the security fabric for protecting assets, data and network from cybersecurity events:

Reconnaissance

Decoy VM

Detect activities on exploitation of Spring vulnerability (CVE-2022-22965).

DB 20221125
Weaponization
Delivery

Exploitation

IPS

Detect activities on exploitation of Spring vulnerability (CVE-2022-22965).

DB 20.287
DB 20.287
DB 20.287
DB 20.287
DB 20.287
Web App Security

Detect activities on exploitation of Spring vulnerability (CVE-2022-22965).

DB 0.00317
DB 1.00033
Application Firewall

Detect activities on exploitation of Spring vulnerability (CVE-2022-22965)

DB 20.289

Installation

Post-execution

Block post-exploitation activity associated with adversaries attempting to utilize the vulnerability to gain a foothold within the environment.

DB 4.0+
C2
Action
arrow_icon
DETECT

Find and correlate important information to identify an outbreak, the following updates are available to raise alert and generate reports:

Threat Hunting

Detect activities on exploitation of Spring vulnerability (CVE-2022-22965).

Outbreak Detection

DB 1.00052
arrow_icon
RESPOND

Develop containment techniques to mitigate impacts of security events:

Automated Response

Services that can automaticlly respond to this outbreak.

Assisted Response Services

Experts to assist you with analysis, containment and response activities.

arrow_icon
RECOVER

Improve security posture and processes by implementing security awareness and training, in preparation for (and recovery from) security incidents:

InfoSec Services

Security readiness and awareness training for SOC teams, InfoSec and general employees.

arrow_icon
IDENTIFY

Identify processes and assets that need protection:

Attack Surface Monitoring (Inside & Outside)

Security reconnaissance and penetration testing services, covering both internal & external attack vectors, including those introduced internally via software supply chain.