all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The Spring4Shell vulnerability: Overview, detection, and remediation

Add to bookmarks
April 1, 2022, midnight |

Datadog Security Labs securitylabs.datadoghq.com

On March 29, 2022, a critical vulnerability targeting the Spring Java framework was disclosed. This vulnerability was initially confused with a vulnerability in Spring Cloud, CVE-2022-22963. However, it was later identified as a separate vulnerability inside Spring Core, now tracked as CVE-2022-22965 and canonically named Spring4Shell.


This vulnerability affects Spring Core and allows an attacker to send a specially crafted HTTP request to bypass protections in the library's HTTP request parser, leading to remote code execution. Several proofs of …

detection remediation spring4shell spring4shell vulnerability vulnerability

Visit resource

More from securitylabs.datadoghq.com / Datadog Security Labs

Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover 3 weeks, 6 days ago | securitylabs.datadoghq.com
amplify aws disclosure exposed +11
The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more 1 month, 1 week ago | securitylabs.datadoghq.com
ages backdoor backdoors cve +9
A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024) 1 month, 2 weeks ago | securitylabs.datadoghq.com
attacks clusters controls kubecon +8
Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns 1 month, 3 weeks ago | securitylabs.datadoghq.com
aws campaign campaigns cloud +5
Kubernetes security fundamentals: Authentication 3 months ago | securitylabs.datadoghq.com
authentication fundamentals kubernetes kubernetes security +1
An analysis of a TeamTNT doppelgänger 3 months, 1 week ago | securitylabs.datadoghq.com
analysis api api endpoints backdoors +7
Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining 3 months, 3 weeks ago | securitylabs.datadoghq.com
amazon amazon ecs attacks aws +11
From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms 4 months ago | securitylabs.datadoghq.com
chat communication datadog instant messaging +9
Highlights from Datadog Security Labs in 2023 4 months, 1 week ago | securitylabs.datadoghq.com
datadog labs security

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

GCP Incident Response Engineer

@ Publicis Groupe | Dallas, Texas, United States
View on infosec-jobs.com

DevSecOps Engineer - CL - Santiago

@ Globant | Santiago de Chile, Santiago, CL
View on infosec-jobs.com

IT Security Analyst - State Government & Healthcare

@ NTT DATA | Little Rock, AR, US
View on infosec-jobs.com

Exploit Developer

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

Senior Manager, Response Analytics & Insights (Fraud Threat Management)

@ Scotiabank | Toronto, ON, CA, M3C0N5
View on infosec-jobs.com

Cybersecurity Risk Analyst IV

@ Computer Task Group, Inc | Buffalo, NY, United States
View on infosec-jobs.com
View more jobs