Blocking Java Springcore RCE (CVE-2022-22965)

by Mark Trent on Snapt Nova • March 31, 2022

The Snapt security team is tracking a 0day RCE exploit in Java Springcore, (Spring4Shell) and has pushed an emergency update to Nova to intercept requests attempting to exploit the vulnerability.

To ensure you are protected immediately, make sure to re-deploy any ADCs or Profiles with potentially affected systems behind.

The nature of the block may evolve as information comes to light about the exploit which was announced earlier today, and has been given the identifier CVE-2022-22965.

We recommend updating any affected applications urgently, and are seeing exploits in the wild already.