How does Holm Security support detection of the Spring4shell vulnerability?

 

Information about the vulnerability Spring4shell

Spring4Shell vulnerability needs several coexisting requirements to be exploitable.
- Vulnerable version of Spring Framework (upgrade solves completely the issue)
- Vulnerable version of Apache Tomcat (upgrade neutralize the attack vector even if Spring Framework version is vulnerable)
- Java 9 or higher
- spring-webmvc or spring-webflux dependency.
 
We have enhanced the plugin for the authenticated version check (HID-2-1-347322) by adding a check for the presence and version of Apache Tomcat on the scanned system.
 
If a vulnerable version of Spring Framework is detected, we advise upgrading it as the best solution.
In case also Apache Tomcat is detected and vulnerable, we report the installed Tomcat version and advice to update to the relevant safe release of Tomcat as a Mitigation in case upgrading Spring Framework is not a viable choice.
 
In this way, the test is more accurate, in that it reveals more information and solutions about the exploit scenario present in the customer system. Of course, the solution section also provides insight into other mitigation options.


Current Plugins

HID-2-1-347323 VMware Spring Boot / Spring Framework Detection (HTTP)
HID-2-1-347322 VMware Spring Framework (Core) RCE Vulnerability (Spring4Shell, SpringShell) - Version Check
HID-2-1-347320 VMware Spring Framework Detection Consolidation
HID-2-1-347321 VMware Spring Framework Detection (Linux/Unix SSH Login)


 2022-04-12 Newly released plugins:
 
HID-2-1-347349 - VMware Spring Boot RCE Vulnerability (Spring4Shell, SpringShell) - Version Check
Authenticated NVT for the version check of VMware Spring Boot releases affected by Spring4Shell.
 
HID-2-1-347338 - VMware Spring Framework Detection (Windows SMB Login)
SMB protocol authenticated detection of the VMware Spring Framework (and its components). It searches for the VMware Spring Framework JAR files on the filesystem
 
HID-2-1-347341 - VMware Spring Boot Detection (Windows SMB Login)
SMB protocol authenticated detection of VMware Spring Boot (and its components). It searches for the VMware Spring Boot JAR files on the filesystem.
 
HID-2-1-347340 - VMware Spring Boot Detection Consolidation
Consolidation of VMware Spring Boot (and its components) detections.
 
HID-2-1-347342 - VMware Spring Boot Detection (Linux/Unix SSH Login)
SSH protocol authenticated detection of the VMware Spring Framework (and its components). It searches for the VMware Spring Boot JAR files on the filesystem.

 2022-04-12 Newly released plugins available:
 
- HID-2-1-5348989 : Spring Framework (MVC) RCE (HTTP, Spring4Shell) CVE-2022-22965 - Active Check
- HID-2-1-5348972 : Spring Cloud Function RCE (HTTP, Spring4Shell) CVE-2022-22963 - Active Check
 

Updates about vulnerability tests
 
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.