Vulnerability identifier: #VU61756

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-22965

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 42

• August 14, 2022
  • CVE-2022-22965-POC (CVE-2022-22965 spring-core批量检测脚本)
• August 1, 2022
  • CVE-2022-22965 (Exploit for SpringShell.) [Github]
• June 30, 2022
  • CVE-2022-22965 (spring4shell | CVE-2022-22965) [Github]
• June 6, 2022
  • CVE-2022-22965-POC (CVE-2022-22965 spring-core批量检测脚本) [Github]
• May 12, 2022
  • Spring Framework Class property RCE (Spring4Shell) [Metasploit]
• May 2, 2022
  • spring-RCE-CVE-2022-22965 () [Github]
• April 14, 2022
  • -Spring4Shell-CVE-2022-22965- (exploitation script tryhackme ) [Github]
• April 13, 2022
  • CVE-2022-22965 (spring4shell | CVE-2022-22965) [Github]
• April 11, 2022
  • CVE-2022-22965 (Spring4Shell (CVE-2022-22965)) [Github]
  • CVE-2022-22965-PoC_Payara () [Github]
  • Spring4Shell-CVE-2022-22965.py (Script to check for Spring4Shell vulnerability) [Github]
• April 7, 2022
  • CVE-2022-22965_PoC (Spring Framework RCE (Quick pentest notes)) [Github]
  • springboot_CVE-2022-22965 (CVE-2022-22965 pocsuite3 POC) [Github]
  • spring-core-rce (springFramework_CVE-2022-22965_RCE简单利用) [Github]
  • Spring4ShellPoC (Spring4Shell PoC (CVE-2022-22965)) [Github]
  • spring4shell_behinder (CVE-2022-22965写入冰蝎webshell脚本) [Github]
• April 6, 2022
  • irule-cve-2022-22965 () [Github]
• April 5, 2022
  • CVE-2022-22965 (Spring4Shell is a critical RCE vulnerability in the Java Spring Framework and is one of three related vulnerabilities published on March 30) [Github]
  • CVE-2022-22965 (Spring Framework RCE Exploit) [Github]
  • CVE-2022-22965 (Exploit Of Spring4Shell!) [Github]
  • nmap-spring4shell (Nmap Spring4Shell NSE script for Spring Boot RCE (CVE-2022-22965) ) [Github]
  • CVE-2022-22965 (Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965) [Github]
  • CVE-2022-22965-PoC (CVE-2022-22965 (Spring4Shell) Proof of Concept) [Github]
  • springshell-vuln-POC (POC to prove springshell CVE 2022-22965) [Github]
  • Spring4shell-CVE-2022-22965-POC (Another spring4shell (Spring core RCE) POC) [Github]
  • go-scan-spring (Vulnerability scanner for Spring4Shell (CVE-2022-22965)) [Github]
• April 3, 2022
  • spring-core-rce (spring框架RCE漏洞 CVE-2022-22965) [Github]
  • CVE-2022-22965 (CVE-2022-22965 POC) [Github]
  • spring-framework-rce (CVE-2022-22965) [Github]
  • cve-2022-22965 () [Github]
  • CVE-2022-22965_Spring_Core_RCE (CVE-2022-22965\Spring-Core-RCE堪比关于 Apache Log4j2核弹级别漏洞exp的rce一键利用) [Github]
  • SpringFramework_CVE-2022-22965_RCE (SpringFramework 远程代码执行漏洞CVE-2022-22965) [Github]
  • CVE-2022-22965-Spring-CachedintrospectionResults-Rce (批量无损检测) [Github]
  • spring4shell-exploit-poc (Exploit a vulnerable Spring application with the Spring4Shell (CVE-2022-22965) Vulnerability.) [Github]
  • CVE-2022-22965 (Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5) [Github]
• March 31, 2022
  • CVE-2022-22965 (Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell")) [Github]
  • CVE-2022-22965-poc (CVE-2022-22965 poc including reverse-shell support) [Github]
  • Spring-CVE (This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".) [Github]
  • Spring4Shell-POC (Dockerized Spring4Shell (CVE-2022-22965) PoC application and exploit) [Github]
  • CVE-2022-22965 (Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)) [Github]
  • Safer_PoC_CVE-2022-22965 (A Safer PoC for CVE-2022-22965 (Spring4Shell)) [Github]
  • Spring4Shell-POC (Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965) [Github]

Impact: Code execution

Vulnerable software:
Pivotal Spring Framework
Server applications / Frameworks for developing and running applications

Vendor: Pivotal