
DLP assessment of CVE-2022-22950 - Spring Framework Denial of Service (DoS) Vulnerability


Article ID: 240014


Products

Data Loss Prevention Core Package

Issue/Introduction

The vulnerability exists in the Spring Framework: a user can supply a specially crafted SpEL expression that may cause a denial-of-service condition.

Vulnerable Versions:
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions are vulnerable.

QID Detection: (Authenticated) - Linux
The detection logic executes the command locate -b -e -r '^spring\-core.*\.jar$' and the pipeline ls -l /proc/*/fd | grep -Eo '\S+\/spring\S+jar' | uniq 2> /dev/null, and checks whether a spring-core-*.jar is present on the system.

QID Detection: (Authenticated) - Windows
On Windows systems, the QID identifies vulnerable instances of Spring via WMI, checking whether spring-core appears in the command line of any running process.

QID Detection: (Authenticated) - MacOS
The detection logic executes the locate command to check for the presence of spring-core jar files on the system.
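As an added example (not Broadcom's or the QID's own detection code), the following POSIX shell script classifies spring-core jar paths, such as those the Linux /proc/*/fd pipeline above would return, against the version ranges listed under Vulnerable Versions. The sample paths are constructed, and the standard "spring-core-<version>.jar" artifact naming (with an optional ".RELEASE" suffix) is an assumption.

```shell
#!/bin/sh
# Added example, not the advisory's detection code. Classifies spring-core jar
# paths against the CVE-2022-22950 ranges stated above: 5.3.0-5.3.17,
# 5.2.0-5.2.19, and older. Assumes Maven-style names "spring-core-<version>.jar".

# spring_core_vulnerable VERSION -> 0 if in a vulnerable range, 1 if not,
# 2 if the version string cannot be parsed
spring_core_vulnerable() {
  major=$(printf '%s\n' "$1" | cut -d. -f1)
  minor=$(printf '%s\n' "$1" | cut -d. -f2)
  patch=$(printf '%s\n' "$1" | cut -d. -f3 | sed 's/[^0-9].*$//')
  [ -n "$minor" ] || minor=0
  [ -n "$patch" ] || patch=0
  case "$major$minor$patch" in ''|*[!0-9]*) return 2 ;; esac
  [ "$major" -lt 5 ] && return 0          # pre-5.x is "older", vulnerable
  [ "$major" -gt 5 ] && return 1
  [ "$minor" -lt 2 ] && return 0          # 5.0.x / 5.1.x are older than 5.2.0
  [ "$minor" -eq 2 ] && [ "$patch" -le 19 ] && return 0
  [ "$minor" -eq 3 ] && [ "$patch" -le 17 ] && return 0
  return 1                                # 5.2.20+, 5.3.18+, 5.4+ not in range
}

# classify_jar_path PATH -> prints vulnerable | fixed | unknown
classify_jar_path() {
  name=$(basename "$1")
  case "$name" in
    spring-core-[0-9]*.jar) ;;
    *) echo unknown; return 0 ;;          # not a spring-core artifact
  esac
  ver=${name#spring-core-}
  ver=${ver%.jar}
  ver=${ver%.RELEASE}                     # older Spring releases carry this suffix
  spring_core_vulnerable "$ver" && rc=0 || rc=$?
  case $rc in 0) echo vulnerable ;; 1) echo fixed ;; *) echo unknown ;; esac
}

# Constructed sample input standing in for the advisory's
# "ls -l /proc/*/fd | grep -Eo '\S+\/spring\S+jar' | uniq" output.
sample_paths='/opt/app/lib/spring-core-5.3.17.jar
/opt/app/lib/spring-core-5.3.18.jar
/usr/share/java/spring-core-5.2.19.RELEASE.jar
/opt/other/lib/spring-core-5.2.20.jar
/opt/legacy/spring-core-4.3.30.RELEASE.jar
/opt/app/lib/spring-web-5.3.17.jar'

report() {
  printf '%s\n' "$sample_paths" | while IFS= read -r p; do
    printf '%-12s %s\n' "$(classify_jar_path "$p")" "$p"
  done
}
report
```

On a live host, replace sample_paths with the output of the locate or /proc/*/fd pipeline; a "fixed" verdict only means the jar name is outside the stated ranges, not that the application is free of other Spring issues.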

NOTE: This is not the Spring4Shell (or SpringShell) vulnerability, which is tracked as CVE-2022-22965. For Spring4Shell information, please see the public advisories for all Broadcom Software: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/CriticalAlerts/0/20476

Environment

Release: 15.7 & 15.8

Component: Enforce

Resolution

DLP does not use the Spring Expression Language (SpEL) and is not vulnerable.

Additional Information

CVE-2022-22950 (Spring DoS vulnerability)