Tactic:
Detect attempts to exploit the Spring4shell vulnerability (CVE-2022-22963).
Monitor payloads matching the known patterns for the Spring core RCE known as Spring4shell (event rule: #dog-000-004) triggering on Java applications (@language:(jvm OR java)), and generate an Application Security signal with Medium severity.
A backup condition looks for existing rules (@appsec.security_activity:attack_attempt.java_code_injection) that trigger on the key used in the exploit (@appsec.triggers.rule_matches.parameters.key_path:class.module.classLoader.*).
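The two conditions above can be replayed offline over exported events to check which one fires. The Python below is an added example, not Datadog's rule implementation; the nested event layout, the `rule_id` field name, the case-sensitive wildcard match and the sample events are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Values taken from the rule description on this page.
EVENT_RULE_ID = "dog-000-004"
BACKUP_ACTIVITY = "attack_attempt.java_code_injection"
BACKUP_KEY_GLOB = "class.module.classLoader.*"
JAVA_LANGUAGES = {"jvm", "java"}

def rule_matches(event):
    """Flatten appsec.triggers[].rule_matches[] (assumed event layout)."""
    triggers = (event.get("appsec") or {}).get("triggers") or []
    return [m for t in triggers for m in (t.get("rule_matches") or [])]

def key_paths(event):
    """Yield each parameters[].key_path string recorded on the event."""
    for match in rule_matches(event):
        for param in match.get("parameters") or []:
            if isinstance(param.get("key_path"), str):
                yield param["key_path"]

def classify(event):
    """Return 'primary', 'backup' or None for a single event."""
    is_java = str(event.get("language", "")).lower() in JAVA_LANGUAGES
    # "rule_id" is an assumed field name for the event rule identifier.
    if is_java and any(m.get("rule_id") == EVENT_RULE_ID for m in rule_matches(event)):
        return "primary"
    activity = (event.get("appsec") or {}).get("security_activity")
    if activity == BACKUP_ACTIVITY and any(
            fnmatchcase(p, BACKUP_KEY_GLOB) for p in key_paths(event)):
        return "backup"
    return None

def make_event(language, activity, rule_id, key_path):
    """Build one constructed sample event (not real Datadog output)."""
    match = {"rule_id": rule_id, "parameters": [{"key_path": key_path}]}
    return {"language": language,
            "appsec": {"security_activity": activity,
                       "triggers": [{"rule_matches": [match]}]}}

SAMPLES = [  # constructed events; ids other than dog-000-004 are placeholders
    make_event("jvm", "placeholder.activity", "dog-000-004", "class.module.classLoader.placeholder"),
    make_event("java", BACKUP_ACTIVITY, "placeholder-rule", "class.module.classLoader.placeholder"),
    make_event("java", BACKUP_ACTIVITY, "placeholder-rule", "user.name"),
    make_event("nodejs", "placeholder.activity", "dog-000-004", "class.module.classLoader.placeholder"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

The last sample shows why the language filter matters: the event rule matched, but the service is not a Java application, so neither condition produces a signal.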
Consider blocking the attacking IP(s) temporarily to prevent them from reaching deeper parts of your production systems.
If you are using Spring Framework (v5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions) on JDK9+ and packaged it as a WAR on Apache Tomcat, there is a high chance that you are vulnerable and need to do one of the following.