Hackers use Spring4Shell exploit for remote code execution

SECURITY INSIGHTS | 5 April 2022

The Spring4Shell vulnerability is being used by hackers to compromise web servers with malicious code. The exploit is already being used for such attacks. Myra is providing its customers with a new rule set for Hyperscale WAF to proactively mitigate the threat. This gives vulnerable companies valuable time to test and implement the available patches and workarounds.

IT security experts see themselves faced with a new challenge from Spring4Shell. The recently leaked exploit for a vulnerability in the Java Spring Core framework allows attackers to remotely execute malicious code via a webshell. The new Java vulnerability has been dubbed Spring4Shell in reference to the critical Log4Shell vulnerability in the Java Log4J library.

As far as is currently known, all Spring releases since version 4.3 up to and including the current version 5.3.15 are affected, in each case in conjunction with JDK version 9 or higher. Combinations with older JDK variants, however, are not believed to be vulnerable. A security patch and various workarounds to address the exploit are now available—but have not yet been extensively tested. Cybercriminals are already actively exploiting Spring4Shell for attacks. It is not yet possible to conclusively determine how far-reaching the effects of the exploit are.