Cybrary

CVE Series: Spring4Shell (CVE-2022-22965)

via Cybrary

Overview

Who should take this course?

Our Spring4Shell (CVE-2022-22965) course is designed for defensive and offensive security professionals. It is an excellent course for penetration testers, red teamers, security and vulnerability analysts, and system administrators who want to learn how to protect against this critical vulnerability or exploit it in their own testing activities.

Why should I take this course?

Spring4Shell (CVE-2022-22965) is a vulnerability scored as critical that affects the Java Spring framework in a specific deployment: applications running on Tomcat that use the Spring-WebMVC (Model-View-Controller) or Spring-WebFlux dependencies. The vulnerability allows attackers to execute commands that are parsed directly from the HTTP request body provided to the server, resulting in remote code execution on the system via specially crafted HTTP requests. It's also notable that researchers believe this vulnerability may be exploitable in other ways that have not yet been uncovered.

It is important to patch this vulnerability as soon as possible because it can put many systems at risk. Our course discusses the official patch, as well as what security professionals can do if patching is not possible. Gain hands-on experience with exploiting this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

  • Define the Spring4Shell vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders
  • Work through different ways of exploiting and mitigating this vulnerability in a hands-on lab

This course is taught by Cybrary's lead red team instructor, Matt Mullins, who has many years of experience leading teams, performing adversary emulation, conducting penetration tests, and developing exploits.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical Spring4Shell vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this serious threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Syllabus

  • Spring4Shell Exploitation
    • Spring4Shell Introduction and Background
    • Identifying the Spring4Shell Vulnerability
    • Exploiting the Spring4Shell Vulnerability (Lab)
  • Spring4Shell Mitigation
    • Mitigating the Spring4Shell Vulnerability

Taught by

Matthew Mullins
