HTTP: VMware Spring Core Remote Code Execution
This signature detects attempts to exploit a known vulnerability against VMware Spring Framework Data Binding ClassLoader. A successful attack can lead to security bypass.
Extended Description
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Affected Products
Oracle communications_unified_inventory_management
References
CVE: CVE-2022-22965
Short Name
HTTP:CTS:VMWR-SPRING-CORE-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-22965 Code Core Execution Remote Spring VMware
Release Date
03/31/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3751
False Positive
Unknown
Vendors
Oracle
Siemens
Cisco
Veritas
CVSS Score
7.5