VNIS Origin Shield Firewall Removes Spring4shell Vulnerability

Wed Jul 13 2022
VNIS Origin Shield Firewall Removes Spring4shell Vulnerability

According to a CheckPoint analysis, Spring4shell harmed more than 16 percent of businesses from all over the world just four days after the vulnerability was discovered, with Europe being the worst hit at 20 percent. Theft of personal information, illegal access to the origin server, tracking of crucial data, spamming, and worst of all, encrypting the copper server with ransomware to blackmail enterprises are all possible consequences. VNIS (VNETWORK Internet Security) has deployed a number of solutions to defend enterprises from the Spring4shell vulnerability, which is a significant vulnerability.

What is Spring4 Shell Vulnerability?

Spring4shell is a vulnerability in the open-source Spring Framework application (used to provide and support the infrastructure to develop Java-based applications or website layers).

This vulnerability is rated extremely severe at 9.8/10 by the CVSS (Common Vulnerability Score System) vulnerability scoring system, which was announced on March 29, 2022, by a group of Chinese security professionals (it has been removed).

Spring4shell impact

Because programmers frequently utilize Spring Framework in conjunction with Java software to build application layers and commercial websites. Due to the obvious Spring4shell vulnerability, hackers will be able to simply exploit it to acquire unauthorized access to all vital data on the corporate website, as well as complete control over all corporate website resources.

According to Upgard, cybersecurity experts anticipate that the impact of the Spring4shell flaw will be comparable to the threats posed by vulnerabilities like Log4j, Heartbleed, and Shellshock.

This is a report of firms affected by Spring4shell from numerous nations throughout the world, according to CheckPoint's report.

CheckPoint's statistics on the industries affected by the Spring4Shell vulnerability show that software vendors are the most affected, with losses of up to 28 percent.

Hacking phases based on the Spring4Shell vulnerability

Stage 1.

The hackers are sending these queries in order to generate a JSP (JavaServer Pages) file, which allows them to pass attributes using query parameters to decide where they can write the value and run the code.

Stage 2.

Following the successful creation of the JSP by the hackers. They'll use curl to send a request to run a remote shell command with pre-defined parameters. As an example,

curl http://localhost:8080/shell.jsp?cmd=whoami

More specifically, the JSP file will be written to web apps/ROOT/ and will include the payload from the Tomcat template attribute set mentioned earlier. This file will be used to connect to the server, as well as to access the cmd query parameters. And you may use it to run any Linux command. Once the hacker has successfully accessed the server, use the example "whoami." Using the cmd argument, hackers are able to do whatever they want.

VNIS protects businesses against Spring Shell flaws.

When it comes to vulnerabilities that cause damage to corporate websites, VNIS is a platform that delivers comprehensive security solutions. VNIS is a modern technology that ensures the stability of a business website even while it is under attack.

The CRS (Core Rule Set manager) and the firewall (Cloud WAF) protects the origin server.

With over 2,000 sets of security rules built-in with CRS control capabilities, the firewall protects the origin server. VNIS can now filter request variables such as to request parameters, URL, and request content. As a result, any variable (on request) containing the attack syntax "class.module.classLoader" will be intercepted by VNIS, and the request will be stored as a threat to the origin server.

VNIS also has its own cloud-based firewall (Cloud WAF - Web Application Firewall). Indirectly aids enterprises in the fight against application layer threats (Layer 7). In addition, there are web firewall systems in several nations. All key security vulnerabilities mentioned by OWASP can be detected and immediately blocked by VNIS (top 10 OWASP). Broken Access Control, SQL Injection, Cryptographic Failures, and so on are only a few examples.

Other outstanding technologies of VNIS

Content Delivery Network (CDN)

Apart from that, we provide a sophisticated cloud-based firewall system. VNIS is a complete website transmission service for Vietnamese and foreign businesses. VNIS can assist organizations to upgrade and adding CDNs to the powerful Multi CDN system, which has more than 2,300 PoPs worldwide, thanks to the Multi CDN system's presence in many countries. With CDN capacity of up to 2,600 Tbps, VNIS can support business websites that can withstand 6 billion simultaneous views. Ensure that a company's website can function properly when the network layer (Layer 3) and the transport layer are both attacked (Layer 4). Furthermore, VNIS's Multi CDN is coupled with RUM (Real User Monitoring), a real-time monitoring solution, and AI (intelligent load balancing) (AI Loadbalancing). Assist your website in preventing unwanted access and ensuring its continued functionality in the event of an attack.

Security Operation Center (SOC)

VNIS has a monitoring system in place, as well as a skilled network security team. will ensure that your business is always supported, 24 hours a day, seven days a week. The system also keeps track of, analyzes, and reports attacks to the security staff. Attacks will thus be avoided in real-time, delivering the best possible user experience.

Businesses interested in experiencing and learning more about our website security services, please submit your contact information below or call our hotline at (028) 7306 8789.

Please leave your contact information, and our experts will contact you soon.

[First Name] is required field
[Email Address] is required field
[Phone Number] is required field
[Content] is required field
News All