mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 15:15:46 +02:00
0xMarcio
16 KiB
16 KiB
CVE-2022-22965
&color=brighgreen)
Description
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
POC
Reference
- http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Github
- https://github.com/0ofo/vul-check
- https://github.com/0x801453/SpringbootGuiExploit
- https://github.com/0xr1l3s/CVE-2022-22965
- https://github.com/0xrobiul/CVE-2022-22965
- https://github.com/0zvxr/CVE-2022-22965
- https://github.com/13exp/SpringBoot-Scan-GUI
- https://github.com/189569400/Meppo
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/2lambda123/SBSCAN
- https://github.com/2lambda123/spring4shell-scan
- https://github.com/4nth0ny1130/spring4shell_behinder
- https://github.com/ADP-Dynatrace/dt-appsec-powerup
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AabyssZG/SpringBoot-Scan
- https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE
- https://github.com/BBD-YZZ/GUI-TOOLS
- https://github.com/BC-SECURITY/Moriarty
- https://github.com/BKLockly/CVE-2022-22965
- https://github.com/Bl0omZ/JAVAExploitStudy
- https://github.com/BobTheShoplifter/Spring4Shell-POC
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CalumHutton/CVE-2022-22965-PoC_Payara
- https://github.com/D1mang/Spring4Shell-CVE-2022-22965
- https://github.com/DDuarte/springshell-rce-poc
- https://github.com/DataDog/security-labs-pocs
- https://github.com/Enokiy/cve_learning_record
- https://github.com/Enokiy/javaThings
- https://github.com/Enokiy/java_things
- https://github.com/Enokiy/spring-RCE-CVE-2022-22965
- https://github.com/FourCoreLabs/spring4shell-exploit-poc
- https://github.com/GhostTroops/TOP
- https://github.com/GibzB/THM-Captured-Rooms
- https://github.com/GoogleCloudPlatform/security-analytics
- https://github.com/GuayoyoCyber/CVE-2022-22965
- https://github.com/Gunavardhan-Naidu/Firewall_Server
- https://github.com/Habib0x0/Spring4Shell
- https://github.com/HackJava/HackSpring
- https://github.com/HackJava/Spring
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Iyamroshan/CVE-2022-22965
- https://github.com/JERRY123S/all-poc
- https://github.com/Joe1sn/CVE-2022-22965
- https://github.com/Kirill89/CVE-2022-22965-PoC
- https://github.com/Ljw1114/SpringFramework-Vul
- https://github.com/Loneyers/Spring4Shell
- https://github.com/LucasPDiniz/CVE-2022-22965
- https://github.com/LucasPDiniz/StudyRoom
- https://github.com/LudovicPatho/CVE-2022-22965_Spring4Shell
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Mr-xn/spring-core-rce
- https://github.com/NCSC-NL/spring4shell
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NodyHub/fifi
- https://github.com/OWASP/www-project-ide-vulscanner
- https://github.com/Omaraitbenhaddi/-Spring4Shell-CVE-2022-22965-
- https://github.com/OpenNMS/opennms-spring-patched
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/OverflowMyBuffers/Spring4ShellScanner
- https://github.com/Pear1y/Vuln-Env
- https://github.com/Pear1y/VulnEnv
- https://github.com/PetrusViet/Poc-Spring4Shell-Jetty
- https://github.com/Qualys/spring4scanwin
- https://github.com/Rakshithac183/Palo-Alto-Networks
- https://github.com/Retrospected/spring-rce-poc
- https://github.com/RinkuDas7857/Vuln
- https://github.com/RogerSugit/spring_onekeyshell
- https://github.com/SYRTI/POC_to_review
- https://github.com/SeanWrightSec/spring-rce-poc
- https://github.com/Secd0g/go-awvscan
- https://github.com/SheL3G/Spring4Shell-PoC
- https://github.com/SnailDev/github-hot-hub
- https://github.com/Snip3R69/spring-shell-vuln
- https://github.com/Sparrow-Co-Ltd/real_cve_examples
- https://github.com/SummerSec/BlogPapers
- https://github.com/SummerSec/SpringExploit
- https://github.com/SummerSec/SummerSec
- https://github.com/TheGejr/SpringShell
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Trendyol/AppSec-Presentations
- https://github.com/TungLVHE163594/Spring4Shell-CVE-2022-22965
- https://github.com/VeerMuchandi/s3c-springboot-demo
- https://github.com/W3BZT3R/Inject
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Will-Beninger/CVE-2022-22965_SpringShell
- https://github.com/WingsSec/Meppo
- https://github.com/Wrin9/CVE-2022-22965
- https://github.com/Wrin9/POC
- https://github.com/XRSec/AWVS14-Update
- https://github.com/XRSecAdmin/AWVS14-Update
- https://github.com/XuCcc/VulEnv
- https://github.com/Y4tacker/JavaSec
- https://github.com/Z0fhack/Goby_POC
- https://github.com/acibojbp/Telstra-Spring4Shell
- https://github.com/ajith737/Spring4Shell-CVE-2022-22965-POC
- https://github.com/anair-it/springshell-vuln-POC
- https://github.com/anquanscan/sec-tools
- https://github.com/au-abd/python-stuff
- https://github.com/au-abddakkak/python-stuff
- https://github.com/avboy1337/CVE-2022-22966
- https://github.com/avergnaud/spring4shell-intro
- https://github.com/ax1sX/SpringSecurity
- https://github.com/bL34cHig0/Telstra-Cybersecurity-Virtual-Experience-
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/basu1706/590JFinalProject
- https://github.com/bb33bb/CVE-2022-22966
- https://github.com/binganao/vulns-2022
- https://github.com/bollwarm/SecToolSet
- https://github.com/bowwowxx/spring4Shell
- https://github.com/brootware/awesome-cyber-security-university
- https://github.com/brootware/cyber-security-university
- https://github.com/c33dd/CVE-2022-22965
- https://github.com/c4mx/CVE-2022-22965_PoC
- https://github.com/chaosec2021/CVE-2022-22965-POC
- https://github.com/chaosec2021/EXP-POC
- https://github.com/chaosec2021/fscan-POC
- https://github.com/charonlight/SpringExploitGUI
- https://github.com/chenzhouwen/vul-check
- https://github.com/chiangyaw/pc-demo-temp
- https://github.com/clemoregan/SSE4-CVE-2022-22965
- https://github.com/cnspary/Spring4Shell
- https://github.com/codedsprit/CVE-2022-22965
- https://github.com/coffeehb/Spring4Shell
- https://github.com/colincowie/Safer_PoC_CVE-2022-22965
- https://github.com/crac-learning/CVE-analysis-reports
- https://github.com/cristianovisk/intel-toolkit
- https://github.com/cxzero/CVE-2022-22965-spring4shell
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cybersecurityworks553/spring4shell-exploit
- https://github.com/czhouw/vul-check
- https://github.com/dacesmo/kcd-costarica-scarleteel-unanubedeeventosdesconfigurados
- https://github.com/daniel0x00/Invoke-CVE-2022-22965-SafeCheck
- https://github.com/datawiza-inc/spring-rec-demo
- https://github.com/dbgee/Spring4Shell
- https://github.com/devengpk/CVE-2022-22965
- https://github.com/dotnes/spring4shell
- https://github.com/draios/onprem-install-docs
- https://github.com/dravenww/curated-article
- https://github.com/dtact/spring4shell-scanner
- https://github.com/edsonjt81/spring4shell
- https://github.com/edsonjt81/spring4shell-scan
- https://github.com/elijah-g-14/Spring4Shell-Demo
- https://github.com/feereel/wb_soc
- https://github.com/fracturelabs/go-scan-spring
- https://github.com/fracturelabs/spring4shell_victim
- https://github.com/fransvanbuul/CVE-2022-22965-susceptibility
- https://github.com/fullhunt/spring4shell-scan
- https://github.com/getastra/hypejab
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/gog1071/Spring4Shell-CVE-2022-22965
- https://github.com/gokul-ramesh/Spring4Shell-PoC-exploit
- https://github.com/govindarajulumedini/docker-poc
- https://github.com/gpiechnik2/nmap-spring4shell
- https://github.com/gwyomarch/CVE-Collection
- https://github.com/h4ck0rman/Spring4Shell-PoC
- https://github.com/hab1b0x/Spring4Shell
- https://github.com/helsecert/CVE-2022-22965
- https://github.com/hillu/local-spring-vuln-scanner
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/huan-cdm/secure_tools_link
- https://github.com/huimzjty/vulwiki
- https://github.com/iloveflag/Fast-CVE-2022-22965
- https://github.com/irgoncalves/f5-waf-enforce-sig-Spring4Shell
- https://github.com/irgoncalves/irule-cve-2022-22965
- https://github.com/itsecurityco/CVE-2022-22965
- https://github.com/iwarsong/CVE-2022-22965-POC
- https://github.com/iyamroshan/CVE-2022-22965
- https://github.com/iyamrotrix/CVE-2022-22965
- https://github.com/j4k0m/spring4shell-secdojo
- https://github.com/jakabakos/CVE-2022-22965-Spring4Shell
- https://github.com/jakabakos/spring4shell
- https://github.com/jbmihoub/all-poc
- https://github.com/jfrog/jfrog-spring-tools
- https://github.com/jrgdiaz/Spring4Shell-CVE-2022-22965.py
- https://github.com/jschauma/check-springshell
- https://github.com/junxiant/xnat-aws-monailabel
- https://github.com/justmumu/SpringShell
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k3rwin/spring-core-rce
- https://github.com/karimhabush/cyberowl
- https://github.com/kevin-s31/spring-bean
- https://github.com/kh4sh3i/Spring-CVE
- https://github.com/khidottrivi/CVE-2022-22965
- https://github.com/khulnasoft-lab/awesome-security
- https://github.com/khulnasoft-labs/awesome-security
- https://github.com/kongjiexi/reznok-Spring4Shell-POC
- https://github.com/kun-g/Scraping-Github-trending
- https://github.com/lamyongxian/crmmvc
- https://github.com/lamyongxian/cs5439-spring4shell
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/lcarea/CVE-2022-22965
- https://github.com/lcarea/PocSuite_POC
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/liangyueliangyue/spring-core-rce
- https://github.com/light-Life/CVE-2022-22965-GUItools
- https://github.com/likewhite/CVE-2022-22965
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lolminerxmrig/Capricornus
- https://github.com/lonnyzhang423/github-hot-hub
- https://github.com/luoqianlin/CVE-2022-22965
- https://github.com/lzbzzz/JAVAExploitStudy
- https://github.com/magicming200/ChatGPT-Function-Call-Red-Team-Tool
- https://github.com/mamba-2021/EXP-POC
- https://github.com/mamba-2021/fscan-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/mariomamo/CVE-2022-22965
- https://github.com/matheuscezar/spring4shell-massive-scan
- https://github.com/me2nuk/CVE-2022-22965
- https://github.com/mebibite/springhound
- https://github.com/metaStor/SpringScan
- https://github.com/mikaelkall/Spring4Shell
- https://github.com/mirsaes/cyao2pdf
- https://github.com/mrfossbrain/CVE-2022-22965
- https://github.com/muldos/dgs-skeleton
- https://github.com/murchie85/twitterCyberMonitor
- https://github.com/mwojterski/cve-2022-22965
- https://github.com/n11dc0la/PocSuite_POC
- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities
- https://github.com/nBp1Ng/SpringFramework-Vul
- https://github.com/netcode/Spring4shell-CVE-2022-22965-POC
- https://github.com/netlas-io/netlas-cookbook
- https://github.com/netsentriesdev/spring4Shell-Safe-Exploit
- https://github.com/nitish778191/fitness_app
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nu0l/CVE-2022-22965
- https://github.com/nu1r/yak-module-Nu
- https://github.com/onewinner/VulToolsKit
- https://github.com/onurgule/S4S-Scanner
- https://github.com/opennms-forge/opennms-spring-patched
- https://github.com/p1ckzi/CVE-2022-22965
- https://github.com/paulseo0827/Amazon-EKS-Security
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/pipiscrew/timeline
- https://github.com/pvnovarese/2022-04-enterprise-demo
- https://github.com/pwnwriter/CVE-2022-22965
- https://github.com/queencitycyber/Spring4Shell-cURL
- https://github.com/radiusmethod/awesome-gists
- https://github.com/rainboyan/grails-issue-12460-demo
- https://github.com/rajasoun/spring4shell-tomcat
- https://github.com/redhuntlabs/Hunt4Spring
- https://github.com/renovatebot/spring-remediations
- https://github.com/reznok/Spring4Shell-POC
- https://github.com/ribeirux/spring4shell
- https://github.com/robiul-awal/CVE-2022-22965
- https://github.com/rtkwlf/wolf-tools
- https://github.com/rwincey/spring4shell-CVE-2022-22965
- https://github.com/scordero1234/java_sec_demo-main
- https://github.com/seal-community/patches
- https://github.com/shengshengli/fscan-POC
- https://github.com/sinjap/spring4shell
- https://github.com/snicoll-scratches/spring-boot-cve-2022-22965
- https://github.com/sohamsharma966/Spring4Shell-CVE-2022-22965
- https://github.com/sr-monika/sprint-rest
- https://github.com/sspsec/Scan-Spring-GO
- https://github.com/sule01u/SBSCAN
- https://github.com/sunnyvale-it/CVE-2022-22965-PoC
- https://github.com/sunnyvale-it/cvss-calculator
- https://github.com/superfish9/pt
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/syalioune/spring4shell-jdk8-demo
- https://github.com/t3amj3ff/Spring4ShellPoC
- https://github.com/talentsec/SpringShell
- https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-CachedintrospectionResults-Rce
- https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce
- https://github.com/teresaweber685/book_list
- https://github.com/test502git/awvs14-scan
- https://github.com/thenurhabib/s4sScanner
- https://github.com/thomasvincent/Spring4Shell-resources
- https://github.com/thomasvincent/spring-shell-resources
- https://github.com/thomasvincent/springshell
- https://github.com/tpt11fb/SpringVulScan
- https://github.com/trhacknon/CVE-2022-22965
- https://github.com/trhacknon/Pocingit
- https://github.com/trhacknon/Spring4Shell-POC
- https://github.com/tweedge/springcore-0day-en
- https://github.com/twseptian/cve-2022-22965
- https://github.com/vasoo4411/Sample-Kubernetes-Cluster
- https://github.com/veo/vscan
- https://github.com/viniciuspereiras/CVE-2022-22965-poc
- https://github.com/wcoreiron/Sentinel_Analtic_Rules
- https://github.com/webraybtl/springcore_detect
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/west-wind/Spring4Shell-Detection
- https://github.com/west-wind/Threat-Hunting-With-Splunk
- https://github.com/whitesource/spring4shell-detect
- https://github.com/whoami0622/CVE-2022-22965-POC
- https://github.com/whoforget/CVE-POC
- https://github.com/wikiZ/springboot_CVE-2022-22965
- https://github.com/wjl110/CVE-2022-22965_Spring_Core_RCE
- https://github.com/wshon/spring-framework-rce
- https://github.com/xnderLAN/CVE-2022-22965
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yevh/VulnPlanet
- https://github.com/youwizard/CVE-POC
- https://github.com/zangcc/CVE-2022-22965-rexbb
- https://github.com/zecool/cve
- https://github.com/zer0yu/CVE-2022-22965
- https://github.com/zjc9/mytools
- https://github.com/zjx/Spring4Shell-RCE