VNIS Origin Shield Firewall Removes Spring4shell Vulnerability

Wed Jul 13 2022

Discover how VNIS Origin Shield effectively removes Spring4Shell vulnerabilities and enhances the security of your website. Watch now.

According to a CheckPoint analysis, Spring4Shell harmed more than 16 percent of businesses worldwide just four days after the vulnerability was discovered, with Europe the worst hit at 20 percent. Possible consequences include theft of personal information, illegal access to the origin server, tracking of crucial data, spamming, and, worst of all, encrypting the server with ransomware to blackmail enterprises. VNIS (VNETWORK Internet Security) has deployed a number of solutions to defend enterprises from this significant vulnerability.

What is the Spring4Shell vulnerability?

Spring4Shell is a vulnerability in the open-source Spring Framework (used to provide and support the infrastructure for developing Java-based applications or website layers).

The vulnerability was announced on March 29, 2022, by a group of Chinese security professionals (the announcement has since been removed). It is rated extremely severe, at 9.8/10, under the CVSS (Common Vulnerability Scoring System).

Spring4Shell impact

Programmers frequently use Spring Framework in conjunction with Java software to build application layers and commercial websites. Because of the Spring4Shell vulnerability, hackers can easily exploit such sites to acquire unauthorized access to all vital data on the corporate website, as well as complete control over all corporate website resources.

According to UpGuard, cybersecurity experts anticipate that the impact of the Spring4Shell flaw will be comparable to the threats posed by vulnerabilities like Log4j, Heartbleed, and Shellshock.

CheckPoint's report covers firms affected by Spring4Shell in numerous nations throughout the world.

CheckPoint's statistics on the industries affected by the Spring4Shell vulnerability show that software vendors are the most affected, with losses of up to 28 percent.

Hacking phases based on the Spring4Shell vulnerability

Stage 1.

The hackers send requests designed to generate a JSP (JavaServer Pages) file, passing attributes as query parameters to decide where the value is written and the code is run.

Stage 2.

After successfully creating the JSP file, the hackers use curl to send a request that runs a remote shell command with pre-defined parameters. For example:

curl http://localhost:8080/shell.jsp?cmd=whoami

More specifically, the JSP file is written to webapps/ROOT/ and includes the payload from the Tomcat template attribute set mentioned earlier. The file is used to connect to the server and to read the cmd query parameter, through which any Linux command can be run. The example above runs "whoami" once the hacker has successfully accessed the server; using the cmd argument, hackers are able to do whatever they want.

VNIS protects businesses against Spring4Shell flaws.

When it comes to vulnerabilities that cause damage to corporate websites, VNIS is a platform that delivers comprehensive security solutions. VNIS is a modern technology that ensures the stability of a business website even while it is under attack.

The CRS (Core Rule Set manager) and the firewall (Cloud WAF) protect the origin server.

With over 2,000 sets of built-in security rules and CRS control capabilities, the firewall protects the origin server. VNIS can now filter request variables such as request parameters, the URL, and request content. As a result, any request variable containing the attack syntax "class.module.classLoader" will be intercepted by VNIS, and the request will be recorded as a threat to the origin server.
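
The filtering described above, as an added example (not VNIS's rule set or code): it checks the URL, parameter names and values, and request content for the page's marker string after percent-decoding, so encoded forms of the same string are also caught. The function names, the decode bound and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

MARKER = "class.module.classloader"  # the page's attack syntax, lower-cased
MAX_DECODE_ROUNDS = 3                # assumption: bound on nested percent-encoding


def normalize(text):
    """Percent-decode until stable (bounded), then lower-case for matching."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()


def request_variables(url, body="", content_type=""):
    """Yield (location, text) for the URL, parameters and request content."""
    parts = urlsplit(url)
    yield "url_path", parts.path
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        yield "query_name", name
        yield "query_value", value
    if content_type.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(body, keep_blank_values=True):
            yield "body_name", name
            yield "body_value", value
    else:
        yield "body_raw", body  # JSON, multipart, etc. are scanned as text


def inspect_request(url, body="", content_type=""):
    """Return the decision and the locations where the marker was found."""
    matched = [loc for loc, text in request_variables(url, body, content_type)
               if MARKER in normalize(text)]
    return {"action": "block" if matched else "allow", "matched": matched}


# Constructed sample requests (not captured traffic); ".example" is a placeholder.
FORM = "application/x-www-form-urlencoded"
SAMPLES = [
    ("http://shop.example/products?id=7", "", ""),
    ("http://shop.example/login", "class.module.classLoader.example=1", FORM),
    ("http://shop.example/?class%252Emodule%252EclassLoader.example=1", "", ""),
]

if __name__ == "__main__":
    for url, body, ctype in SAMPLES:
        print(url, inspect_request(url, body, ctype))
```

The "matched" list gives the location of each hit, which is what a WAF would write to its threat log alongside the block decision.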

VNIS also has its own cloud-based firewall (Cloud WAF, Web Application Firewall), which indirectly aids enterprises in the fight against application-layer (Layer 7) threats. In addition, there are web firewall systems in several nations. All key security vulnerabilities listed in the OWASP Top 10 can be detected and immediately blocked by VNIS; Broken Access Control, SQL Injection, and Cryptographic Failures are only a few examples.

Other outstanding technologies of VNIS

Content Delivery Network (CDN)

Apart from providing a sophisticated cloud-based firewall system, VNIS is a complete website transmission service for Vietnamese and foreign businesses. Thanks to the Multi CDN system's presence in many countries, VNIS can help organizations upgrade and add CDNs to the powerful Multi CDN system, which has more than 2,300 PoPs worldwide. With CDN capacity of up to 2,600 Tbps, VNIS can support business websites that withstand 6 billion simultaneous views, ensuring that a company's website can function properly when the network layer (Layer 3) and the transport layer (Layer 4) are both attacked. Furthermore, VNIS's Multi CDN is coupled with RUM (Real User Monitoring), a real-time monitoring solution, and AI Load Balancing (intelligent load balancing), helping your website prevent unwanted access and keep functioning in the event of an attack.

Security Operation Center (SOC)

VNIS has a monitoring system in place, as well as a skilled network security team, which will ensure that your business is always supported, 24 hours a day, seven days a week. The system also tracks, analyzes, and reports attacks to the security staff. Attacks will thus be averted in real time, delivering the best possible user experience.

Businesses interested in experiencing and learning more about our website security services, please submit your contact information below or call our hotline at (028) 7306 8789.
