
PoC Code for CVE-2010-1622 Puts Spring Core Framework at Risk

Another day, another zero-day. This time, security researchers discovered a bypass for an older remote code execution flaw in the Spring Core framework, shortly after a proof-of-concept exploit was leaked to GitHub. Spring Core is a widely used Java framework for building web applications.

A Bypass for the CVE-2010-1622 Zero-Day Available

According to cybersecurity firm Praetorian, Spring Core on JDK9+ is prone to remote code execution due to a bypass for the CVE-2010-1622 vulnerability.

“At the time of writing, this vulnerability is unpatched in Spring Framework and there is a public proof-of-concept available,” the researchers said.

In specific configurations, exploitation of CVE-2010-1622 is straightforward, as it only requires an attacker to send a crafted HTTP request to an exposed system. Other configurations would require additional research by threat actors to find effective payloads. In case of a successful exploit, unauthenticated attackers are able to execute arbitrary code on the targeted system.
Fortunately, a temporary mitigation is available to close the vulnerable condition until a patch ships:

“In Spring Framework, DataBinder has functionality to disallow certain patterns. As a temporary mitigation for this vulnerability, Praetorian recommends creating a ControllerAdvice component (which is a Spring component shared across Controllers) and adding dangerous patterns to the denylist,” the researchers added.
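The mitigation quoted above, written out as an added Java example (this is not Praetorian's or Spring's own code): a ControllerAdvice whose @InitBinder method applies the denylist to every WebDataBinder the application creates, so request parameters can no longer reach the `class` property path that CVE-2010-1622 abused. The class name BinderControllerAdvice is an assumed name; the pattern set is the one commonly used for this property path and should be reviewed against your own model objects.

```java
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Global binder configuration shared across all controllers.
 * Spring runs every @InitBinder method declared in a @ControllerAdvice
 * before binding request parameters to a command/model object.
 */
@ControllerAdvice
public class BinderControllerAdvice {

    /**
     * Field patterns that request parameters must never be allowed to bind.
     * Nested paths such as "user.class.classLoader.foo" are matched by the
     * "*.class.*" wildcard; the capitalised variants cover property resolvers
     * that treat the first letter case-insensitively.
     */
    private static final String[] DISALLOWED_FIELDS = {
        "class.*", "Class.*", "*.class.*", "*.Class.*"
    };

    @InitBinder
    public void setDisallowedFields(WebDataBinder dataBinder) {
        // setDisallowedFields REPLACES the binder's current denylist rather than
        // appending to it. If a controller has its own @InitBinder method that also
        // calls setDisallowedFields, that local call runs after this one and wins,
        // so such controllers must include these patterns themselves.
        dataBinder.setDisallowedFields(DISALLOWED_FIELDS);
    }
}
```

After deploying this, a quick check is to send a harmless request containing a `class.module.classLoader.*` style parameter and confirm that the binder reports it as a suppressed field rather than applying it.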

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
