CVE-SPRING4SHELLExecution

Spring4Shell (CVE-2022-22965)

Spring Framework data-binding via PropertyDescriptor → modify Tomcat's logging config → write JSP webshell.

§ Where this technique fits

CVE-SPRING4SHELL is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Spring4Shell (CVE-2022-22965) → JSP webshell on Tomcat
Send a crafted POST that uses Spring's data-binding to mutate Tomcat's logging configuration — turn its access log into a JSP file written under webapps/, then request it.
step 2 / 6

§ What commonly comes next

01
Webshell Deployment
W-WEBSHELL · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Spring4Shell (CVE-2022-22965) → JSP webshell on Tomcat

§ What commonly comes next