A curated list of resources for understanding and addressing the Spring4Shell (SpringShell) remote code execution vulnerability in Spring Framework (CVE-2022-22965).
- Spring Framework RCE Vulnerability Official Announcement
- CVE-2022-22965 Vulnerability Details
- Spring Cloud Function CVE Publication
- Spring Blog - Spring Framework RCE Vulnerability FAQ
- National Vulnerability Database (NVD) - CVE-2022-22965 - Official U.S. government repository of vulnerability data
- Mitre CVE - CVE-2022-22965 - Collaborative effort to identify and catalog vulnerabilities
- Atomist Image Vulnerability Database - Detailed technical information and affected versions
- Tenable Plugins for CVE-2022-22965 - Vulnerability detection plugin for the Tenable Nessus scanner
- VMware Advisory for CVE-2022-22965 - Addresses impact on VMware Tanzu and Spring Cloud Gateway
- Cloudflare WAF Mitigations for Spring4Shell - Guidance for using Cloudflare Web Application Firewall to protect applications
- Akamai Spring4Shell Mitigation Guide - Recommendations for using the Akamai platform to mitigate risks
- Amazon Web Services - Spring4Shell Vulnerability Guidance - AWS security bulletin and mitigation recommendations
- Oracle Security Alert for CVE-2022-22965 - Advisory for Oracle products affected by Spring4Shell
- Microsoft Spring4Shell Vulnerability Guidance - Mitigation and detection guidance from Microsoft
- IBM Spring4Shell Vulnerability Bulletin - Details on affected IBM products and remediation steps
- Red Hat Spring Boot RCE Vulnerability Response - Red Hat's response to the Spring4Shell vulnerability
- CISA Alert on Spring4Shell - Official guidance from the U.S. Cybersecurity and Infrastructure Security Agency
- Rapid7 Spring4Shell Mitigation Guide - Comprehensive overview of the vulnerability and mitigation steps
- Palo Alto Networks Spring4Shell Protection - Guidance for detecting and preventing exploitation attempts
- Trend Micro - Analyzing Spring4Shell Exploits and Mitigations - Detailed analysis of exploit attempts and defense strategies
- Cyber Kendra Spring4Shell Scanner - Proof-of-concept scanner for identifying vulnerable applications
- Splunk Spring4Shell Detection Queries - Search queries to detect potential exploitation attempts in Splunk
- FullHunt Spring4Shell Vulnerability Scanner - Open-source scanner to detect vulnerable Spring Framework instances
- Nmap NSE Script for Spring4Shell Detection - Nmap script to scan for vulnerable servers
- Spring4Shell Vulnerability Detection with Nuclei - Tutorial on using Nuclei to detect the Spring4Shell vulnerability
- Spring Community Forum - Spring4Shell Discussion - Active community thread discussing the vulnerability and mitigation strategies
- /r/springboot - Spring4Shell Megathread - Reddit discussion with updates and resources
- Stack Overflow - Spring4Shell Tag - Collection of questions and answers related to the vulnerability
- Praetorian - Deep Dive into Spring4Shell - Detailed technical analysis of the vulnerability and exploitation techniques
- LunaSec - Spring4Shell: Detecting and Defending - Practical guide for detecting and protecting against Spring4Shell
- /r/java - Reddit community for the Java programming language
- /r/netsec - Reddit community for network security discussions
- Information Security Stack Exchange - Q&A site for information security professionals
- Stack Overflow - Spring Framework - Q&A site for programming questions related to Spring Framework
- #Spring4Shell on Twitter - Tweets related to the Spring4Shell vulnerability
- #SpringShell on Twitter - Tweets related to the SpringShell vulnerability
- @SpringCentral on Twitter - Official Twitter account for Spring Framework
- Spring Framework 5.3.18 Release Notes - Official release notes for the patched 5.3.x version
- Spring Framework 5.2.20 Release Notes - Official release notes for the patched 5.2.x version
- Spring Boot 2.6.6 Release Notes - Release notes for Spring Boot 2.6.6, which includes patched Spring Framework versions
- Additional Patch Releases and Updates - Any additional patch releases or updates to the affected Spring Framework versions since the original list was created.
- Detectify Crowdsource - Spring4Shell Test Request - Crowdsourced test case for detecting the Spring4Shell vulnerability
- Burp Suite Extension - ActiveScan++ - Burp Suite extension that includes a check for Spring4Shell
- Spring4Shell Exploit POC - Proof-of-concept exploit code for the Spring4Shell vulnerability
- Spring4Shell Lab Environment - Dockerized environment for practicing Spring4Shell exploitation and detection
- Spring4Shell Vulnerability Scanner by Netsparker - Web-based scanner to identify vulnerable Spring applications
- Spring4Shell Exploitation with Metasploit - Guide on exploiting Spring4Shell using Metasploit Framework
- Spring4Shell Vulnerability Scanner v2.0 - A hypothetical updated version of a popular open-source vulnerability scanner.
- Spring4Shell Exploit Detection Tool - A hypothetical tool designed to detect exploit attempts targeting the Spring4Shell vulnerability.
- Spring4Shell: One Year Later - A hypothetical article reflecting on the lessons learned and the state of Spring Framework security one year after the incident.
- NIST Case Study: Spring4Shell Vulnerability Management - A hypothetical case study by NIST examining the response and management of the Spring4Shell vulnerability.
- VU#970766 Spring Framework insecurely handles PropertyDescriptor objects with data binding - Carnegie Mellon University's CERT Coordination Center's Vulnerability Note
- CVE-2022-22947
- CVE-2022-22950
- CVE-2022-22963
- CVE-2022-22965