The recently discovered critical vulnerability Spring4Shell (CVE-2022-22965) has been actively used by attackers to launch Mirai malware in Singapore since the beginning of April 2022.
“Exploiting the vulnerability allows attackers to upload Mirai samples to the /tmp folder and launch them after changing the permission using chmod,” experts from Trend Micro noted.
The flaw is rated 9.8 out of a maximum of 10 on the CVSS scale and allows attackers to remotely execute code in Spring Core applications in non-standard circumstances, giving them an opportunity to gain full control over compromised devices.
Earlier, the US Cybersecurity and Infrastructure Security Agency (CISA) added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on “evidence of active exploitation”.
The vulnerability is new, and it can be exploited remotely if the Spring application is deployed on an Apache Tomcat server with a common configuration. To exploit it, an attacker needs to locate and identify installations of web applications that use DeserializationUtils. The vulnerability does not affect Spring applications using Spring Boot and embedded Tomcat.
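The post-exploitation pattern Trend Micro describes (a sample written to /tmp, made executable with chmod, then launched) can be hunted for in process-execution logs. The following is an added example, not code from Trend Micro or the original article: the event fields, PIDs and the file name sample.bin are constructed, and it assumes Tomcat runs as a java process started with catalina arguments.

```python
import json
import posixpath
import re

# Constructed process-execution events (JSON lines); the field names are
# assumptions for this example, not any logging product's schema.
SAMPLE_EVENTS = """\
{"pid": 900, "ppid": 1, "cwd": "/opt/tomcat", "exe": "/usr/bin/java", "argv": ["java", "-Dcatalina.base=/opt/tomcat", "org.apache.catalina.startup.Bootstrap", "start"]}
{"pid": 1200, "ppid": 900, "cwd": "/opt/tomcat", "exe": "/bin/sh", "argv": ["sh", "-c", "cd /tmp; chmod 777 sample.bin; ./sample.bin"]}
{"pid": 1201, "ppid": 1200, "cwd": "/tmp", "exe": "/bin/chmod", "argv": ["chmod", "777", "sample.bin"]}
{"pid": 1202, "ppid": 1200, "cwd": "/tmp", "exe": "/tmp/sample.bin", "argv": ["./sample.bin"]}
{"pid": 1300, "ppid": 1, "cwd": "/tmp", "exe": "/bin/chmod", "argv": ["chmod", "755", "build.sh"]}
{"pid": 1301, "ppid": 1, "cwd": "/tmp", "exe": "/tmp/build.sh", "argv": ["/tmp/build.sh"]}
"""

def adds_exec(mode):
    """True if a chmod mode argument sets an execute bit (octal or symbolic)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return any(int(d) & 1 for d in mode[-3:])
    return re.search(r"[+=][rwst]*x", mode) is not None

def detect(lines):
    """Alert when a Tomcat descendant runs a /tmp file that another Tomcat
    descendant made executable earlier in the stream."""
    web_pids = set()  # the Tomcat JVM and every process descended from it
    armed = {}        # /tmp path made executable -> pid of the chmod
    alerts = []
    for line in lines.splitlines():
        ev = json.loads(line)
        pid, exe, argv = ev["pid"], ev["exe"], ev["argv"]
        if exe.endswith("/java") and any("catalina" in a for a in argv):
            web_pids.add(pid)
            continue
        if ev["ppid"] not in web_pids:
            continue  # not spawned by the web server: ignore (e.g. pid 1300)
        web_pids.add(pid)
        # Simplification: the mode is taken to be argv[1] (no chmod options).
        if exe.endswith("/chmod") and len(argv) >= 3 and adds_exec(argv[1]):
            for target in argv[2:]:
                path = posixpath.normpath(posixpath.join(ev["cwd"], target))
                if path.startswith("/tmp/"):
                    armed[path] = pid
        elif exe in armed:
            alerts.append({"pid": pid, "exe": exe, "chmod_pid": armed[exe]})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT: web server child executed", alert)
```

Scoping the rule to descendants of the Tomcat JVM is what keeps the unrelated chmod and run of /tmp/build.sh in the sample from alerting.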