Apr 04, 20227.4.040


  • Scan for the Spring4Shell vulnerability with the updated Remote Code Execution (RCE) attack module. The Spring4Shell vulnerability (CVE-2022-22965) affects Spring MVC and Spring WebFlux applications running Java Development Kit (JDK) versions 9 and later. A new feature was introduced in JDK 9 that allows access to the ClassLoader from a class. This vulnerability can be exploited for RCE on Tomcat applications because of the features provided by the ClassLoader, but exploits for other ClassLoaders may be discovered.