| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-22965 | Spring Framework JDK 9+ Remote Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This remote code execution (RCE) vulnerability affects Spring MVC or Spring WebFlux applications running on JDK 9+ when deployed on Tomcat as a WAR file. This vulnerability can be exploited by a remote attacker via data binding, allowing malicious actors to execute arbitrary code. Specifically, it has been used to deploy and execute the Mirai botnet malware. The exploit involves downloading a Mirai sample to the "/tmp" directory and changing its permissions to make it executable using "chmod." The malware is then executed, enabling further malicious activities. The vulnerability does not affect applications deployed as Spring Boot executable jars. Observations of this exploit began in early April 2022, with malware variants available for different CPU architectures.
References
|
| CVE-2022-22965 | Spring Framework JDK 9+ Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This remote code execution (RCE) vulnerability affects Spring MVC or Spring WebFlux applications running on JDK 9+ when deployed on Tomcat as a WAR file. This vulnerability can be exploited by a remote attacker via data binding, allowing malicious actors to execute arbitrary code. Specifically, it has been used to deploy and execute the Mirai botnet malware. The exploit involves downloading a Mirai sample to the "/tmp" directory and changing its permissions to make it executable using "chmod." The malware is then executed, enabling further malicious activities. The vulnerability does not affect applications deployed as Spring Boot executable jars. Observations of this exploit began in early April 2022, with malware variants available for different CPU architectures.
References
|