LudovicPatho/CVE-2022-22965_Spring4Shell LudovicPatho/CVE-2022-22965_Spring4Shell

  • Stars
    star
    1
  • Language
    Python
  • Created over 2 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
LudovicPatho/CVE-2022-22965_Spring4Shell
github

LudovicPatho

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

More Repositories

1

CVE-2022-26923_AD-Certificate-Services

The vulnerability allowed a low-privileged user to escalate privileges to domain administrator in a default Active Directory environment with the Active Directory Certificate Services (AD CS) server role installed.
34
star
2

Sanitization-en-PHP

Petit tuto sur la sanitization en php.
14
star
3

cheat-sheet-ES5-VS-ES6

Les diffรฉrences entre ES5 et ES2016
7
star
4

algo_and_pseudo_code

Exercices d'algorithme et utilisation du pseudo-code
4
star
5

CVE-2022-0847_dirty-pipe

Hacked up Dirty Pipe (CVE-2022-0847) PoC that hijacks a SUID binary to spawn a root shell. (and attempts to restore the damaged binary as well)
C
2
star
6

CVE-2021-41773

The first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49.
Dockerfile
2
star