Java Spring Framework Remote Code Execution Vulnerability
Spring Framework is a lightweight open-source application framework for developing enterprise Java applications. A remote code execution (RCE) vulnerability was disclosed in the Spring Framework and classified as critical. It can be exploited to attack Java applications running on JDK 9 or later.
Vulnerability Name
Zero-Day RCE Vulnerability in the Spring Framework
Affected Versions
- JDK 9 or later
- Applications developed using the Spring Framework or derived framework
Mitigation
- Buy a WAF instance.
- Add your website domain name to WAF and complete domain name access. For details, see Connecting Your Website to WAF (Cloud Mode - CNAME Access).
- In the Basic Web Protection configuration area, set the protective action to Block and complete the configuration. For details, see Configuring Basic Web Protection Rules.
Figure 1 Basic Web Protection
- (Optional) Enable Header Inspection.
Whether to enable Header Inspection depends on where the attack payload of this vulnerability is carried.
  - If the attack payload is carried in the submitted parameters, you do not need to enable Header Inspection.
  - If the attack payload is carried in a user-defined header field, Header Inspection must be enabled to block this type of attack.
Payloads of the second type depend on payloads of the first type, so whether to enable Header Inspection is determined by your service requirements.
Protection Verification
After the preceding configuration is complete, send a test request that simulates an exploit of the Spring Framework remote code execution vulnerability. Then go to the WAF console, choose Events in the navigation pane on the left, and check whether the request was blocked.