Spring Framework for Java vulnerable to remote code execution CVE-2022-22965

[doctore74]

Hi,

do you have any plans to integrate the detection for Spring4Shell (CVE-2022-22965)?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

[xeraph]

No.. I think it's relatively easy to spot vulnerable spring apps since operator can see any tomcat instances. I reviewed some real exploit payload in the wild and concluded it's easy to detect and block using WAF. If there are many demands for spring scanner, I will reconsider about spring scanner.. (but spring scanner should be another repo in that case)

[doctore74]

I see. Thanks for the quick answer.

[cstegm]

Hi @xeraph ! I would Love to see a spring scanner i think it could be very helpful!

[funksen]

hi, +1 :) since you are already extracting all jar and war files it would be really cool to have searched for both issues, for now I use https://github.com/hillu/local-spring-vuln-scanner and run both commands periodically

[romestylez]

I would love to see a CVE-2022-22965 scanner !

[doctore74]

@xeraph
An integration would be best practise. We would not need a second run over the same files.

[romestylez]

@xeraph An integration would be best practise. We would not need a second run over the same files.

I would like another tool. Possibly its different servers then before. So two tools would be great.

[DoronGaznavi]

Hi, I also would love to see Spring scanning, it will be great :)

[greg-michael]

I will add my name to the list for a scanner. Thanks.