• Spring Framework Class property RCE (Spring4Shell)
    Disclosure Date: 2022-03-31
    First seen: 2022-12-23
    exploit/multi/http/spring_framework_rce_spring4shell
    Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution. Authors: - vleminator <vleminator@gmail.com>
  • Spring Cloud Function SpEL Injection
    Disclosure Date: 2022-03-29
    First seen: 2022-12-23
    exploit/multi/http/spring_cloud_function_spel_injection
    Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message. Authors: - m09u3r - hktalent - Spencer McIntyre
  • Spring Cloud Gateway Remote Code Execution
    Disclosure Date: 2022-01-26
    First seen: 2022-12-23
    exploit/linux/http/spring_cloud_gateway_rce
    This module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions = 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine. Authors: - Ayan Saha
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!