Rapid7 has reported on a Spring Framework vulnerability called Spring4Shell.


As usual, a new vulnerability means the risk assessment has to be revisited.


The NVD entry, https://nvd.nist.gov/vuln/detail/CVE-2022-22965, leads to the VMware advisory, which gives the information that matters:

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

Affected VMware Products and Versions

Severity is critical unless otherwise noted.

  • Spring Framework
    • 5.3.0 to 5.3.17
    • 5.2.0 to 5.2.19
    • Older, unsupported versions are also affected


Time to work on your vulnerability management: the fixed releases are 5.3.18 and 5.2.20, so find every application that ships an affected spring-* jar and upgrade it.
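A quick version check, added here as an example and not code from the advisory or from Rapid7: it encodes the affected ranges quoted above (with the advisory's fixed releases, 5.3.18 and 5.2.20, as the first safe versions) and runs them over lines in the shape of `mvn dependency:list` output. The sample dependency list is constructed for the example; 5.2.x artifacts carry the `.RELEASE` suffix, which the parser tolerates.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges from the VMware advisory quoted above. Anything below
# 5.2.0 is unsupported and, per the advisory, also affected.
AFFECTED_RANGES = [((5, 3, 0), (5, 3, 17)), ((5, 2, 0), (5, 2, 19))]
OLDEST_SUPPORTED = (5, 2, 0)


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from '5.3.17' or '5.2.20.RELEASE'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_affected(version: str) -> bool:
    """True if this Spring Framework version falls in an affected range."""
    t = parse_version(version)
    if t is None:
        raise ValueError(f"unparseable Spring version: {version!r}")
    if t < OLDEST_SUPPORTED:
        return True  # "Older, unsupported versions are also affected"
    return any(lo <= t <= hi for lo, hi in AFFECTED_RANGES)


# Constructed sample in the shape of `mvn dependency:list` output (not a
# real project); a real tree would normally have one spring-* version.
SAMPLE_DEPENDENCY_LIST = """
[INFO]    org.springframework:spring-webmvc:jar:5.3.17:compile
[INFO]    org.springframework:spring-core:jar:5.3.17:compile
[INFO]    org.springframework:spring-beans:jar:5.3.18:compile
[INFO]    org.springframework:spring-context:jar:5.2.20.RELEASE:compile
[INFO]    org.springframework:spring-web:jar:4.3.30.RELEASE:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.2:compile
"""

DEP_RE = re.compile(r"org\.springframework:(spring-[\w-]+):jar:([^:]+):")


def scan_dependency_list(text: str) -> Dict[str, bool]:
    """Map each org.springframework artifact found to whether it is affected."""
    findings: Dict[str, bool] = {}
    for m in DEP_RE.finditer(text):
        artifact, version = m.group(1), m.group(2)
        findings[artifact] = is_affected(version)
    return findings


if __name__ == "__main__":
    for artifact, affected in scan_dependency_list(SAMPLE_DEPENDENCY_LIST).items():
        print(f"{artifact:16s} {'AFFECTED' if affected else 'ok'}")
```

Run it against `mvn dependency:list` (or the equivalent Gradle dependency report) for each deployable; a fat jar or WAR can also be unzipped and the `spring-*-<version>.jar` names fed in the same way.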

Contact Us to discuss.


Update on April 11th – there are now reports of successful attacks:

Portswigger.net  post:

Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware

Unfortunately it did not take long for this vulnerability to be exploited in the wild.


And I see it (mid-day on the 11th of April) on the Internet Storm Center as well: https://isc.sans.edu/

It is in their diary area now; it was briefly on the front page.

The Internet Storm Center goes into much more detail on one probe, which is useful for checking whether your own systems are being scanned.

Our “First Seen URL” page did show attempts to access /actuator/gateway/routes this weekend. So I dug in a bit deeper to see what these scans are all about. The scans originate from and have been going on for a few days already, but our first-seen list doesn’t display them until they hit a threshold to consider the scans significant. We also see scans from a couple of our IPs, but at a much lower level.

A typical complete request from

GET /actuator/gateway/routes HTTP/1.1
Host: [redacted]:80
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept-Encoding: gzip
Connection: close

So the probes are looking for more than Spring4Shell: /actuator/gateway/routes is the Spring Cloud Gateway actuator endpoint, a different Spring weakness from the data-binding RCE, and a request for it says nothing on its own about CVE-2022-22965 exposure.
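Detection over web server access logs, added here as an example and not code from the ISC diary: it flags the actuator path from the capture above and, separately, the `class.module.classLoader` property path that the JDK 9+ data-binding RCE relies on (the same `class.*` prefix Spring's disallowed-fields mitigation blocks), after percent-decoding so encoded variants are not missed. The log lines are constructed for the example, not real traffic.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Apache/Nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicators chosen for this example:
#  - the exact path from the ISC capture; it is the Spring Cloud Gateway
#    actuator endpoint, so a hit is a gateway probe, not a Spring4Shell one.
#  - the class.module.classLoader property path, the data-binding traversal
#    that CVE-2022-22965 abuses on JDK 9+.
PROBE_PATHS = {"/actuator/gateway/routes": "spring-cloud-gateway-actuator-probe"}
SPRING4SHELL_RE = re.compile(r"class\.module\.classloader", re.IGNORECASE)

# Constructed sample lines (RFC 5737 documentation addresses, fake timestamps).
SAMPLE_LOG = """
203.0.113.10 - - [11/Apr/2022:12:01:03 +0000] "GET /actuator/gateway/routes HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
203.0.113.11 - - [11/Apr/2022:12:02:17 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.12 - - [11/Apr/2022:12:03:44 +0000] "GET /hello?class%2Emodule%2EclassLoader.x=1 HTTP/1.1" 200 0 "-" "python-requests/2.27.1"
203.0.113.13 - - [11/Apr/2022:12:04:09 +0000] "GET /docs/classloader.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def decode(target: str) -> str:
    # Decode twice so %252e-style double encoding is normalised too.
    return unquote(unquote(target))


def classify(target: str) -> List[str]:
    """Return indicator tags for one request target (path plus query)."""
    tags: List[str] = []
    decoded = decode(target)
    path = decoded.split("?", 1)[0]
    if path in PROBE_PATHS:
        tags.append(PROBE_PATHS[path])
    if SPRING4SHELL_RE.search(decoded):
        tags.append("spring4shell-binding-probe")
    return tags


def scan_log(text: str) -> List[Dict[str, str]]:
    """Parse combined-format lines and keep only those matching an indicator."""
    hits: List[Dict[str, str]] = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        tags = classify(m.group("target"))
        if tags:
            hits.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "target": m.group("target"),
                "tags": ",".join(tags),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:15s} {hit['method']:4s} {hit['tags']:40s} {hit['target']}")
```

One caveat: data binding also reads form-encoded POST bodies, and access logs record only the request line, so this catches the query-string form of the probe; for POST bodies you need WAF, reverse proxy or application-side request logging.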





By zafirt
