At the end of March, details of the Spring4Shell vulnerability leaked onto Chinese communication networks before the necessary actions could be taken. Spring then released a patch for the vulnerability. However, because the flaw was already public, attackers began abusing it immediately, before affected systems could be fixed. Reports of Spring4Shell exploitation are now coming in from all around the world.
1 in 6 organizations was impacted by exploitation attempts
According to Check Point, 16% of organizations worldwide were impacted by exploitation attempts. In the first 4 days, Check Point Research detected 37,000 attempts. The most affected industry is software vendors, where 28% of organizations were impacted. By region, Europe sits at the top with 20%.
Microsoft has stated that it is also tracking exploitation attempts across its cloud services, although the attacks targeting its cloud systems are currently low in volume. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog.
The Spring4Shell vulnerability is tracked as CVE-2022-22695 and has a CVSS score of 9.8. It allows attackers to execute code remotely, which makes it very dangerous. However, exploitation depends on several preconditions. The target must be running JDK 9.0 or later with Spring Framework versions 5.3.0 to 5.3.17 or 5.2.0 to 5.2.19. It must use Apache Tomcat as the Servlet container, and the application must be packaged as a traditional Java web archive (WAR) deployed in a standalone Tomcat instance.
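A small triage helper, added here as an example and not part of the original article or of Spring's own tooling, that checks an inventory record against the four preconditions listed above. The version formats it parses (legacy "1.8.0_292" JDK strings, ".RELEASE" Spring qualifiers), the field names and the sample records are constructed assumptions.

```python
import re

# Affected Spring Framework ranges from the text above (inclusive bounds).
AFFECTED_SPRING = (((5, 3, 0), (5, 3, 17)), ((5, 2, 0), (5, 2, 19)))

def jdk_major(version: str) -> int:
    """JDK feature release: legacy "1.8.0_292" means Java 8, while JDK 9+
    reports "9", "11.0.2", "17" (assumed input formats)."""
    nums = [int(x) for x in re.findall(r"\d+", version)]
    if not nums:
        raise ValueError(f"unparseable JDK version: {version!r}")
    if nums[0] == 1 and len(nums) > 1:
        return nums[1]
    return nums[0]

def spring_affected(version: str) -> bool:
    """True if major.minor.patch falls in an affected range; qualifiers
    such as "5.2.19.RELEASE" are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable Spring version: {version!r}")
    ver = tuple(int(x) for x in m.groups())
    return any(lo <= ver <= hi for lo, hi in AFFECTED_SPRING)

def assess(jdk: str, spring: str, container: str, packaging: str) -> dict:
    """Evaluate each precondition separately so the report shows which one
    breaks the known exploitation path (field names are assumed)."""
    result = {
        "jdk_9_or_later": jdk_major(jdk) >= 9,
        "spring_in_affected_range": spring_affected(spring),
        "tomcat_servlet_container": container.strip().lower() == "tomcat",
        "deployed_as_war": packaging.strip().lower() == "war",
    }
    result["meets_all_preconditions"] = all(result.values())
    return result

if __name__ == "__main__":
    # Constructed inventory records, not real hosts.
    inventory = [
        ("app-a", "11.0.2", "5.3.17", "Tomcat", "war"),
        ("app-b", "1.8.0_292", "5.3.17", "Tomcat", "war"),
        ("app-c", "17", "5.3.18", "Tomcat", "war"),
    ]
    for name, *fields in inventory:
        print(name, assess(*fields))
```

A record that fails one precondition is outside the known exploitation path, not proven safe; patching to a fixed Spring version is still the fix.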