Spring4Shell/RCE in Spring Core-Simple Analysis

Michael Koczwara
Apr 3, 2022

Spring4Shell simple POC/CVE-2022-22965

Affected Software and Versions

Existing proofs of concept (POCs) for exploitation work under the following conditions:

  • JDK 9 or higher
  • Apache Tomcat as the Servlet container
  • Packaged as a traditional WAR (in contrast to a Spring Boot…