logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
852 stars 173 forks source link

Spring Framework for Java vulnerable to remote code execution CVE-2022-22965 #285

Open doctore74 opened 2 years ago

doctore74 commented 2 years ago

Hi,

do you have any plans to integrate the detection for Spring4Shell (CVE-2022-22965)?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

xeraph commented 2 years ago

No.. I think it's relatively easy to spot vulnerable spring apps since operator can see any tomcat instances. I reviewed some real exploit payload in the wild and concluded it's easy to detect and block using WAF. If there are many demands for spring scanner, I will reconsider about spring scanner.. (but spring scanner should be another repo in that case)

doctore74 commented 2 years ago

I see. Thanks for the quick answer.

cstegm commented 2 years ago

Hi @xeraph ! I would Love to see a spring scanner i think it could be very helpful!

funksen commented 2 years ago

hi, +1 :) since you are already extracting all jar and war files it would be really cool to have searched for both issues, for now I use https://github.com/hillu/local-spring-vuln-scanner and run both commands periodically

romestylez commented 2 years ago

I would love to see a CVE-2022-22965 scanner !

doctore74 commented 2 years ago

@xeraph An integration would be best practise. We would not need a second run over the same files.

romestylez commented 2 years ago

@xeraph An integration would be best practise. We would not need a second run over the same files.

I would like another tool. Possibly its different servers then before. So two tools would be great.

DoronGaznavi commented 2 years ago

Hi, I also would love to see Spring scanning, it will be great :)

greg-michael commented 2 years ago

I will add my name to the list for a scanner. Thanks.