Free
CVE Series: Spring4Shell (CVE-2022-22965)
Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Time: 0 H 45 M
Difficulty: intermediate
CEU/CPE: 1
Course Content
Spring4Shell Introduction and Background
Spring4Shell Exploitation
Mitigating the Spring4Shell Vulnerability
Spring4Shell Mitigation
Identifying the Spring4Shell Vulnerability
Spring4Shell Exploitation
Exploiting the Spring4Shell Vulnerability (Lab)
Spring4Shell Exploitation
Course Description
Who should take this course?
Our Spring4Shell (CVE-2022-22965) course is designed for defensive and offensive security professionals. It is an excellent course for penetration testers, red teamers, security and vulnerability analysts, and system administrators who want to learn how to protect against this critical vulnerability or exploit it in their own testing activities.
Why should I take this course?
Spring4Shell (CVE-2022-22965) is a vulnerability scored as critical that impacts the Java Spring framework in a specific implementation: the framework running on Tomcat with the Spring-WebMVC (Model-View-Controller) or Spring-WebFlux dependencies. The vulnerability allows attackers to execute commands that are parsed directly from the HTTP request body provided to the server, resulting in remote code execution on the system via specially crafted HTTP requests. It's also notable that researchers believe this vulnerability may be exploitable in other ways that have not yet been uncovered.
It is important to patch this vulnerability as soon as possible because it can put many systems at risk. Our course discusses the official patch, as well as what security professionals can do if patching is not possible. Gain hands-on experience with exploiting this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.
What makes this course different from other courses on similar topics?
This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:
This course is taught by Cybrary's lead red team instructor, Matt Mullins, who has many years of experience leading teams, performing adversary emulation, conducting penetration tests, and developing exploits.