IT security expert firm: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2022-22947

Description

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

POC

Reference

- http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html

- https://www.oracle.com/security-alerts/cpuapr2022.html

- https://www.oracle.com/security-alerts/cpujul2022.html

GitHub

- https://github.com/0730Nophone/CVE-2022-22947-

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0x7eTeam/CVE-2022-22947

- https://github.com/0x801453/SpringbootGuiExploit

- https://github.com/12442RF/NpocTemplate

- https://github.com/13exp/SpringBoot-Scan-GUI

- https://github.com/189569400/Meppo

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/22ke/CVE-2022-22947

- https://github.com/24-2021/EXP-POC

- https://github.com/24-2021/fscan-POC

- https://github.com/2lambda123/SBSCAN

- https://github.com/4nNns/CVE-2022-22947

- https://github.com/ADP-Dynatrace/dt-appsec-powerup

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AabyssZG/SpringBoot-Scan

- https://github.com/Agilevatester/SpringSecurity

- https://github.com/Agilevatester/SpringSecurityV1

- https://github.com/Akankshakumari420/msd23016__project

- https://github.com/An0th3r/CVE-2022-22947-exp

- https://github.com/Arrnitage/CVE-2022-22947-exp

- https://github.com/Arrnitage/CVE-2022-22947_exp

- https://github.com/Awrrays/FrameVul

- https://github.com/Axx8/CVE-2022-22947_Rce_Exp

- https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos

- https://github.com/BBD-YZZ/GUI-TOOLS

- https://github.com/BerMalBerIst/CVE-2022-22947

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Challengers-win/Sec-Interview-ai

- https://github.com/Ciyfly/mullet

- https://github.com/CllmsyK/YYBaby-Spring_Scan

- https://github.com/Drajoncr/AttackWebFrameworkTools

- https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway

- https://github.com/Enokiy/cve_learning_record

- https://github.com/Enokiy/javaThings

- https://github.com/Enokiy/java_things

- https://github.com/F6JO/Burp_VulPscan

- https://github.com/Getshell/Mshell

- https://github.com/GhostTroops/TOP

- https://github.com/Greetdawn/CVE-2022-22947

- https://github.com/Ha0Liu/CVE-2022-22947

- https://github.com/HimmelAward/Goby_POC

- https://github.com/JERRY123S/all-poc

- https://github.com/JosephJMRG/apache-docker-project

- https://github.com/Jun-5heng/CVE-2022-22947

- https://github.com/LY613313/CVE-2022-22947

- https://github.com/Le1a/CVE-2022-22947

- https://github.com/Ljw1114/SpringFramework-Vul

- https://github.com/M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

- https://github.com/M1r0ku/Java-Sec-Learn

- https://github.com/MInggongK/SpringbootGuiExploit

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/Nathaniel1025/CVE-2022-22947

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PaoPaoLong-lab/Spring-CVE-2022-22947-

- https://github.com/PradeepdubeyAI/msd23016__project

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/PyterSmithDarkGhost/VMWARECODEINJECTIONATTACKCVE-2022-22947

- https://github.com/SYRTI/POC_to_review

- https://github.com/Sec-Fork/mullet2

- https://github.com/SecNN/CVE-2022-22947_Rce_Exp

- https://github.com/SecNN/SecNN

- https://github.com/SiJiDo/CVE-2022-22947

- https://github.com/Sumitpathania03/CVE-2022-22947

- https://github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947

- https://github.com/SummerSec/SpringExploit

- https://github.com/SummerSec/learning-codeql

- https://github.com/Tas9er/SpringCloudGatewayRCE

- https://github.com/Threekiii/Awesome-Exploit

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Awesome-Redteam

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/Vancomycin-g/CVE-2022-22947

- https://github.com/Vulnmachines/spring-cve-2022-22947

- https://github.com/WhooAmii/POC_to_review

- https://github.com/Whoopsunix/PPPVULNS

- https://github.com/WingsSec/Meppo

- https://github.com/Wrin9/CVE-2022-22947

- https://github.com/Wrin9/POC

- https://github.com/Wrong-pixel/CVE-2022-22947-exp

- https://github.com/WuliRuler/SBSCAN

- https://github.com/Xd-tl/CVE-2022-22947-Rce_POC

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/XuCcc/VulEnv

- https://github.com/Y4tacker/JavaSec

- https://github.com/YutuSec/SpEL

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZWDeJun/ZWDeJun

- https://github.com/Zh0um1/CVE-2022-22947

- https://github.com/abdullah89255/Real-IP-Address-Bug-Bounty-

- https://github.com/ad-calcium/vuln_script

- https://github.com/aesm1p/CVE-2022-22947-POC-Reproduce

- https://github.com/al4xs/CVE-2022-22947-Spring-Cloud

- https://github.com/anansec/CVE-2022-22947_EXP

- https://github.com/angui0O/Awesome-Redteam

- https://github.com/aodsec/CVE-2022-22947

- https://github.com/awsassets/CVE-2022-22947-RCE

- https://github.com/ax1sX/SpringSecurity

- https://github.com/ba1ma0/Spring-Cloud-GateWay-CVE-2022-22947-demon-code

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/bigbigban1/CVE-2022-22947-exp

- https://github.com/bysinks/CVE-2022-22947

- https://github.com/carlosevieira/CVE-2022-22947

- https://github.com/cc3305/CVE-2022-22947

- https://github.com/cc8700619/poc

- https://github.com/chaosec2021/CVE-2022-22947-POC

- https://github.com/chaosec2021/EXP-POC

- https://github.com/chaosec2021/fscan-POC

- https://github.com/charonlight/SpringExploitGUI

- https://github.com/crowsec-edtech/CVE-2022-22947

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d-rn/vulBox

- https://github.com/d0ctorsec/LearnJavaMemshellFromZero-Recurrence

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/darkb1rd/cve-2022-22947

- https://github.com/darkfiv/SpringcloudGatewayRCE-Exploit

- https://github.com/dbgee/CVE-2022-22947

- https://github.com/debug4you/CVE-2022-22947

- https://github.com/dingxiao77/-cve-2022-22947-

- https://github.com/dravenww/curated-article

- https://github.com/enomothem/PenTestNote

- https://github.com/expzhizhuo/Burp_VulPscan

- https://github.com/fbion/CVE-2022-22947

- https://github.com/flying0er/CVE-2022-22947-goby

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/go-bi/bappstore

- https://github.com/godzeo/SecGPT-distill-boundless

- https://github.com/h30gyan/Java-Sec-Learn

- https://github.com/helloexp/CVE-2022-22947

- https://github.com/hh-hunter/cve-2022-22947-docker

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/hosch3n/msmap

- https://github.com/hunzi0/CVE-2022-22947-Rce_POC

- https://github.com/hxysaury/saury-vulnhub

- https://github.com/j-jasson/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

- https://github.com/jbmihoub/all-poc

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/k3rwin/spring-cloud-gateway-rce

- https://github.com/kaydenlsr/Awesome-Redteam

- https://github.com/killvxk/Awesome-Exploit

- https://github.com/kkx600/Burp_VulPscan

- https://github.com/kmahyyg/CVE-2022-22947

- https://github.com/langu-xyz/JavaVulnMap

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947

- https://github.com/luckyfuture0177/VULOnceMore

- https://github.com/mamba-2021/EXP-POC

- https://github.com/mamba-2021/fscan-POC

- https://github.com/manas3c/CVE-POC

- https://github.com/march0s1as/CVE-2022-22947

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/metaStor/SpringScan

- https://github.com/michaelklaan/CVE-2022-22947-Spring-Cloud

- https://github.com/mieeA/SpringWebflux-MemShell

- https://github.com/mostwantedduck/cve-poc

- https://github.com/mrknow001/CVE-2022-22947

- https://github.com/n11dc0la/PocSuite_POC

- https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities

- https://github.com/nBp1Ng/SpringFramework-Vul

- https://github.com/nanaao/CVE-2022-22947-POC

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/nu0l/cve-2022-22947

- https://github.com/nu1r/yak-module-Nu

- https://github.com/onewinner/VulToolsKit

- https://github.com/open-source-agenda/new-open-source-projects

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/pen4uin/java-memshell-generator-release

- https://github.com/pradeepdubey2000/msd23016__project

- https://github.com/q99266/saury-vulnhub

- https://github.com/qq87234770/CVE-2022-22947

- https://github.com/reph0r/poc-exp

- https://github.com/reph0r/poc-exp-tools

- https://github.com/runt0/woodpecker-box

- https://github.com/safest-place/ExploitPcapCollection

- https://github.com/sagaryadav8742/springcloudRCE

- https://github.com/savior-only/CVE-2022-22947

- https://github.com/savior-only/Spring_All_Reachable

- https://github.com/scopion/CVE-2022-22947-exp

- https://github.com/scopion/cve-2022-22947

- https://github.com/shakeman8/CVE-2022-22947-RCE

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/shengshengli/fscan-POC

- https://github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6

- https://github.com/skysliently/CVE-2022-22947-pb-ai

- https://github.com/soosmile/POC

- https://github.com/sp4zcmd/SpringWebflux-MemShell

- https://github.com/sspsec/Scan-Spring-GO

- https://github.com/stayfoolish777/CVE-2022-22947-POC

- https://github.com/suizhibo/MemShellGene

- https://github.com/sule01u/SBSCAN

- https://github.com/superlink996/chunqiuyunjingbachang

- https://github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947

- https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

- https://github.com/tanjiti/sec_profile

- https://github.com/testivy/springboot-actuator-spring-cloud-function-rce

- https://github.com/thomasvincent/Spring4Shell-resources

- https://github.com/thomasvincent/spring-shell-resources

- https://github.com/thomasvincent/springshell

- https://github.com/tpt11fb/SpringVulScan

- https://github.com/trhacknon/CVE-2022-22947

- https://github.com/trhacknon/Pocingit

- https://github.com/twseptian/cve-2022-22947

- https://github.com/veo/vscan

- https://github.com/viemsr/spring_cloud_gateway_memshell

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoforget/CVE-POC

- https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell

- https://github.com/wjl110/Spring_CVE_2022_22947

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/york-cmd/CVE-2022-22947-goby

- https://github.com/youwizard/CVE-POC

- https://github.com/zan8in/afrog

- https://github.com/zecool/cve

- https://github.com/zhizhuoshuma/Burp_VulPscan

- https://github.com/zjr-g/SpringDetector