The Spring4Shell vulnerability: Overview, detection, and remediation
Datadog Security Labs securitylabs.datadoghq.com
On March 29, 2022, a critical vulnerability targeting the Spring Java framework was disclosed. This vulnerability was initially confused with a vulnerability in Spring Cloud, CVE-2022-22963. However, it was later identified as a separate vulnerability inside Spring Core, now tracked as CVE-2022-22965 and canonically named Spring4Shell.
This vulnerability affects Spring Core and allows an attacker to send a specially crafted HTTP request to bypass protections in the library's HTTP request parser, leading to remote code execution. Several proofs of …