ThreatX Response to Spring4Shell

PUBLISHED ON March 30, 2022
LAST UPDATED April 20, 2022

On March 29, 2022, Spring disclosed a zero-day vulnerability – Spring4Shell. A widely used Java framework, Spring is found within many web applications. If exploited, this vulnerability could enable unauthenticated remote code execution (RCE) by attackers. This is considered a priority vulnerability that should be addressed immediately in Java applications that leverage Spring Core.

Bottom line: Spring Core is vulnerable to RCE. Upon disclosure, the ThreatX SOC developed and deployed to production a ruleset to protect against Spring4Shell exploits. All ThreatX client sensors are leveraging these precise rules to protect our customers while preventing false positives. ThreatX has additional rules deployed to specific customers that are particularly at risk of a Spring4Shell exploit. If you feel you are at risk, reach out to the ThreatX SOC to obtain this specific ruleset. The ThreatX SOC will continue testing against known payloads and monitoring the progression of the Spring4Shell exploit. We encourage customers to reach out to the ThreatX SOC with any questions or support required to address Spring4Shell at

About the Author

Andrew Useckas

Andrew has a varied career spanning ethical hacking, penetration testing and security product development for the US Department of Defense, senior consulting positions for Fortune 500 enterprises, and corporate CISO responsibilities for large enterprises. Andrew has an exceptional blend of software development skills combined with extensive knowledge and experience of the network and security industries.