killchain-compendium/Exploits/Java/Spring4Shell.md

CVE-2022-22965

  • MITRE CVE details

  • Follow-up to CVE-2010-1622: circumvents the patch for that vulnerability

  • RCE via *.jsp files through an HTTP POST request to Tomcat

  • Conditions

    • JDK 9
    • Spring Framework < 5.2, 5.2.0 to 5.2.19, 5.3.0 to 5.3.17
    • Apache Tomcat
    • Spring application packaged as a WAR
    • spring-webmvc or spring-webflux components of the Spring Framework
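
Added example, not part of the original notes: a triage check that evaluates deployment records against the conditions listed above. The inventory field names and sample records are constructed for illustration, and the JDK check treats 9 and later as matching, per the vendor advisory.

```python
import re

SAMPLE_INVENTORY = [  # constructed records; field names are hypothetical
    {"host": "app-01", "java_version": "11.0.14", "spring_version": "5.3.17",
     "container": "Apache Tomcat/9.0.60", "packaging": "war",
     "modules": ["spring-core", "spring-webmvc"]},
    {"host": "app-02", "java_version": "1.8.0_322", "spring_version": "5.2.19.RELEASE",
     "container": "Apache Tomcat/8.5.77", "packaging": "war",
     "modules": ["spring-webmvc"]},
    {"host": "app-03", "java_version": "17.0.2", "spring_version": "5.3.18",
     "container": "Apache Tomcat/9.0.62", "packaging": "war",
     "modules": ["spring-webflux"]},
]

def java_major(version):
    """Map a Java version string to its major: '1.8.0_322' -> 8, '11.0.14' -> 11."""
    parts = re.split(r"[._-]", version)
    first = int(parts[0])
    # Pre-9 releases use the legacy '1.x' scheme, so the major is the second field.
    return int(parts[1]) if first == 1 and len(parts) > 1 else first

def spring_version_listed(version):
    """True if the version is in the listed ranges: < 5.2, 5.2.0-19, 5.3.0-17."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable Spring version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) < (5, 2):
        return True
    if (major, minor) == (5, 2):
        return patch <= 19
    if (major, minor) == (5, 3):
        return patch <= 17
    return False

def check_conditions(dep):
    """Return one boolean per listed condition for a deployment record."""
    return {
        "jdk9": java_major(dep["java_version"]) >= 9,
        "spring_version": spring_version_listed(dep["spring_version"]),
        "tomcat": "tomcat" in dep["container"].lower(),
        "war": dep["packaging"].lower() == "war",
        "webmvc_or_webflux": bool({"spring-webmvc", "spring-webflux"} & set(dep["modules"])),
    }

def hosts_matching_all(inventory):
    """Hosts that satisfy every listed condition; patch these first."""
    return [d["host"] for d in inventory if all(check_conditions(d).values())]

if __name__ == "__main__":
    for dep in SAMPLE_INVENTORY:
        print(dep["host"], check_conditions(dep))
```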