CVE Series: Spring4Shell (CVE-2022-22965)

Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!

Course Description

Who should take this course?

Our Spring4Shell (CVE-2022-22965) course is designed for defensive and offensive security professionals. It is an excellent course for penetration testers, red teamers, security and vulnerability analysts, and system administrators who want to learn how to protect against this critical vulnerability or exploit it in their own testing activities.

Why should I take this course?

Spring4Shell (CVE-2022-22965) is a critical-severity vulnerability in the Java Spring framework. It affects a specific deployment of the framework: applications running on Tomcat that use the Spring-WebMVC (Model-View-Controller) or Spring-WebFlux dependencies. The vulnerability allows attackers to execute commands that are parsed directly from the HTTP request body provided to the server, resulting in remote code execution on the system via specially crafted HTTP requests. Researchers also believe this vulnerability may be exploitable in other ways that have not yet been uncovered.

It is important to patch this vulnerability as soon as possible because it can put many systems at risk. Our course discusses the official patch, as well as what security professionals can do if patching is not possible. Gain hands-on experience with exploiting this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

  • Define the Spring4Shell vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders
  • Apply different approaches to exploiting and mitigating this vulnerability in a hands-on lab

This course is taught by Cybrary's lead red team instructor, Matt Mullins, who has many years of experience leading teams, performing adversary emulation, conducting penetration tests, and developing exploits.

    Why should I take this course on Cybrary and not somewhere else?

    This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Spring4Shell vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this serious threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

    Instructed by

    Master Instructor
    Matthew Mullins

    Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CVE Series: Spring4Shell (CVE-2022-22965) Certificate of Completion