Spring4Shell/RCE in Spring Core-Simple Analysis

Michael Koczwara

3 min readApr 3, 2022

--

Spring4Shell simple POC/CVE-2022–22965

Affected Software and Versions

Existing proofs of concept (POCs) for exploitation work under the following conditions:

JDK 9 or higher
Apache Tomcat as the Servlet container
Packaged as a traditional WAR (in contrast to a Spring Boot…

Michael Koczwara

Written by Michael Koczwara

Security Researcher

Recommended from Medium

Invictus Incident Response

Email Forwarding Rules in Microsoft 365

The ultimate guide to analysing and understanding email forwarding rules in the Unified Audit Log (UAL)

8 min readFeb 20

--

Michael Koczwara

Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams

What you can learn from scanning adversaries' infra?

4 min readDec 30, 2022

--

Lists

Staff Picks

329 stories83 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories116 saves

Michael Koczwara

Sliver C2 Implant Analysis

Sliver C2 Implant Analysis

8 min readJan 12

--

The PyCoach
in
Artificial Corner

You’re Using ChatGPT Wrong! Here’s How to Be Ahead of 99% of ChatGPT Users

Master ChatGPT by learning prompt engineering.

7 min readMar 17

--

K O M A L
in
InfoSec Write-ups

Operationalizing MITRE ATT&CK to harden cyber defenses

Take Adversary’s perspective in Defender’s Team

5 min readDec 9, 2022

--

Jörg Stephan
in
Cybernotdienst.de

The risk of oversharing during incident response and what you should do with XSOAR Engines

Whenever you investigate on an potential incident you will run into the chance that you are simply over sharing information with the…

4 min readJan 23

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech