CVE Series: Spring4Shell (CVE-2022-22965)

0
Language

Level

Beginner

Access

Paid

Certificate

Paid

Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!

Add your review

Course Description

Our Spring4Shell (CVE-2022-22965) course is designed for defensive and offensive security professionals. It is an excellent course for penetration testers, red teamers, security and vulnerability analysts, and system administrators who want to learn how to protect against this critical vulnerability or exploit it in their own testing activities.

Spring4Shell (CVE-2022-22965) is a critical scored vulnerability impacting the Java Spring framework around a specific implementation of the framework on Tomcat using the Spring-WebMVC (Model-View Controller) or Spring-Webflux dependencies. The vulnerability allows attackers to execute commands that are parsed directly from the HTTP request body provided to the server, resulting in remote code execution on the system via specially crafted HTTP requests. It’s also notable that researchers believe this vulnerability may be exploitable in other ways that have not yet been uncovered.

It is important to patch this vulnerability as soon as possible because it can put many systems at risk. Our course discusses the official patch, as well as what security professionals can do if patching is not possible. Gain hands-on experience with exploiting this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

This course is taught by Cybrary’s lead red team instructor, Matt Mullins, who has many years of experience leading teams, performing adversary emulation, conducting penetration tests, and developing exploits.

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Spring4Shell vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this serious threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Define the Spring4Shell vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders

Approach different ways for exploiting and mitigating this vulnerability in a hands-on lab

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Spring4Shell vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this serious threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Module 1: Spring4Shell Exploitation

Module 2: Spring4Shell Mitigation

×

    Your Email (required)

    Report this page
    CVE Series: Spring4Shell (CVE-2022-22965)
    CVE Series: Spring4Shell (CVE-2022-22965)
    LiveTalent.org
    Logo
    Skip to content