
Is Symantec Endpoint Protection vulnerable to Spring4shell CVE-2022-22965


Article ID: 238327


Products

Endpoint Protection

Issue/Introduction

Researchers have found a 0-day vulnerability (dubbed Spring4Shell and SpringShell) in the Spring Core Java framework that allows unauthenticated remote code execution. A proof of concept was leaked for a short time on GitHub and, although it was promptly removed, some people were able to download it. It has since been reposted on various platforms, making it available to the public.

Cause

This RCE 0-day vulnerability exists in Spring Core when it runs on JDK version 9.0 or later. It allows an unauthenticated attacker to execute arbitrary code on the target system. The Spring Framework is a popular Java platform that provides comprehensive infrastructure support for developing Java applications.

Environment

Release: 14.3 RU4

Resolution

Symantec Security Response has published the following protections based on proof of concepts (POC).

File-based

  • Hacktool 
  • Hacktool.Spring4shell


Network-based

  • Audit: Spring Core Spring4Shell Activity
  • Web Attack: Spring Core Spring4Shell Activity 2 


Policy-based

  • Data Center Security (DCS) Intrusion Prevention (with default policies) provides zero-day protection against exploitation of the Spring4Shell vulnerability.

 

Note: Spring Framework versions 5.3.18 and 5.2.20, which address the vulnerability, are now available. Temporary remediation steps were also provided earlier by researchers at Praetorian.

Praetorian - Spring Core on JDK9+ is vulnerable to remote code execution
https://www.praetorian.com/blog/spring-core-jdk9-rce/
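
The following added example, which is not part of the original article or any Symantec or Spring tooling, checks a WAR or fat JAR against the two conditions stated here: a bundled Spring jar below the fixed releases 5.3.18 / 5.2.20, and a JDK of 9 or later. The jar naming pattern, the handling of release lines other than 5.2 and 5.3, the result labels and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

# Fixed releases named in the note above, keyed by (major, minor) release line.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
# Assumption: Spring jars follow the usual <artifact>-<version>.jar naming.
JAR_RE = re.compile(r"(?:^|/)spring-(?:core|beans)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def java_major(version: str) -> int:
    """Map a java.version string to its major release ('1.8.0_321' -> 8, '11.0.14' -> 11)."""
    parts = re.split(r"[._+-]", version.strip())
    major = int(parts[0])
    return int(parts[1]) if major == 1 and len(parts) > 1 else major


def is_fixed(ver: tuple) -> bool:
    """True if ver is at or above the fixed release of its release line."""
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return ver >= fixed
    # Assumption: lines newer than 5.3 carry the fix; older lines are treated as unfixed.
    return ver[:2] > (5, 3)


def spring_versions(archive) -> set:
    """Return spring-core/spring-beans versions bundled in a WAR or fat JAR."""
    with zipfile.ZipFile(archive) as zf:
        hits = (JAR_RE.search(name) for name in zf.namelist())
        return {tuple(int(g) for g in m.groups()) for m in hits if m}


def assess(archive, java_version: str) -> str:
    """Classify an archive against the two conditions stated in this article."""
    unfixed = sorted(v for v in spring_versions(archive) if not is_fixed(v))
    if not unfixed:
        return "no-unfixed-spring"
    if java_major(java_version) < 9:
        return "unfixed-spring-jdk-below-9"
    return "meets-both-conditions"


def sample_war(jar_names):
    """Build a constructed, in-memory WAR containing empty placeholder jars."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in jar_names:
            zf.writestr("WEB-INF/lib/" + name, b"")
    buf.seek(0)
    return buf
```

Pass `assess` the path to a deployed archive and the `java.version` string of the runtime that serves it; an archive with unfixed Spring on a pre-9 JDK is reported separately so it can still be queued for upgrade.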

Additional Information

Symantec Protection Bulletins
Threat Alert: Spring4Shell (CVE-2022-22965) vulnerability
https://www.broadcom.com/support/security-center/protection-bulletin#blta69615250a6a88b8_en-us

Symantec Security Advisory for Spring Framework CVE-2022-22965
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20427

Symantec Enterprise Blogs
Spring4Shell: New Zero-day RCE Vulnerability Uncovered in Java Framework
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/spring4shell-rce-vuln-java

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
https://www.praetorian.com/blog/spring-core-jdk9-rce/
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
https://www.bleepingcomputer.com/news/security/new-spring-java-framework-zero-day-allows-remote-code-execution/