LAST UPDATED April 20, 2022
On March 29, 2022, Spring disclosed a zero-day vulnerability – Spring4Shell. A widely used Java framework, Spring is found within many web applications. If exploited, this vulnerability could enable unauthenticated remote code execution (RCE) by attackers. This is considered a priority vulnerability that should be addressed immediately in Java applications that leverage Spring Core.
Bottom line: Spring Core is vulnerable to RCE. Upon disclosure, the ThreatX SOC developed and deployed to production a ruleset to protect against Spring4Shell exploits. All ThreatX client sensors are leveraging these precise rules to protect our customers while preventing false positives. ThreatX has additional rules deployed to specific customers that are particularly at risk of a Spring4Shell exploit. If you feel you are at risk, reach out to the ThreatX SOC to obtain this specific ruleset. The ThreatX SOC will continue testing against known payloads and monitoring the progression of the Spring4Shell exploit. We encourage customers to reach out to the ThreatX SOC with any questions or support required to address Spring4Shell at firstname.lastname@example.org.