CVE Series: Spring4Shell (CVE-2022-22965)

Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!

45 minutes

Course Content
Spring4Shell Introduction and Background
Identifying the Spring4Shell Vulnerability
Exploiting the Spring4Shell Vulnerability (Lab)
Mitigating the Spring4Shell Vulnerability

Course Description

Who should take this course?

Our Spring4Shell (CVE-2022-22965) course is designed for defensive and offensive security professionals. It is an excellent course for penetration testers, red teamers, security and vulnerability analysts, and system administrators who want to learn how to protect against this critical vulnerability or exploit it in their own testing activities.

Why should I take this course?

Spring4Shell (CVE-2022-22965) is a critical-severity vulnerability in the Java Spring framework. It affects a specific deployment of the framework: applications running on Tomcat that use the Spring-WebMVC (Model-View-Controller) or Spring-Webflux dependencies. The vulnerability allows attackers to execute commands that are parsed directly from the HTTP request body provided to the server, resulting in remote code execution on the system via specially crafted HTTP requests. Researchers also believe this vulnerability may be exploitable in other ways that have not yet been uncovered.

It is important to patch this vulnerability as soon as possible because it can put many systems at risk. Our course discusses the official patch, as well as what security professionals can do if patching is not possible. Gain hands-on experience with exploiting this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

  • Define the Spring4Shell vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders
  • Apply different approaches to exploiting and mitigating this vulnerability in a hands-on lab

This course is taught by Cybrary's lead red team instructor, Matt Mullins, who has many years of experience leading teams, performing adversary emulation, conducting penetration tests, and developing exploits.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Spring4Shell vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this serious threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Instructed By
Matthew Mullins

Technical Manager, Red Team

Certificate of Completion

Complete this entire course to earn a CVE Series: Spring4Shell (CVE-2022-22965) Certificate of Completion