Platform updates

March updates: Spring4Shell: find and confirm exploitable targets and more updates

Updated at

If you instantly thought of Log4Shell when Spring4Shell emerged just a few days ago, you’re not alone. A coolheaded analysis reveals this CVE is not as severe as last year’s Log4j vulnerability. Nevertheless, it remains a priority in terms of detection and patching. Here’s why.

CVE-2022-22965 affects the Spring Core Framework (MVC and Spring WebFlux applications) running on Java, which developers widely use in their work. CISA also added this CVE to its catalog of Known Exploited Vulnerabilities, emphasizing that malicious actors are actively using it in their attacks.

To help you find vulnerable targets and prioritize business-critical ones for patching, our security research team just launched detection and exploitation modules for Spring4Shell.

Log into your account to search for targets affected by this CVE with our Network Scanner and Sniper.

Detect Spring4Shell now

And that’s not all we did.

In the past month, we also rolled out a new stack of updates to support your security testing efforts:

  1. 3 new high-risk CVEs you can exploit with Sniper

  2. Option to define a minimum weight value in Find Domains scans

  3. The ability to run authenticated scans with Sniper Auto-Exploiter

Let’s unpack them!

1. Confirm exploitation risk for these 3 critical CVEs with Sniper

Besides Spring4Shell, our security research team also updated Sniper Automatic Exploiter with exploitation capabilities for:

  • the RCE vulnerability affecting specific Spring Cloud Gateway and Function versions – CVE-2022-22947 (CVSSv3 10.0)

  • another RCE vulnerability that impacts different Spring Cloud Function versions – CVE-2022-22963 (CVSSv3. 9.8)

  • the critical RCE vulnerability found in Apache Struts – CVE-2017-12611 (CVSSv3 9.8)

Exploit these CVEs

2. Specify a minimum weight value and use it with Find Domains

You now have the option to set up a specific minimum weight value when running scans with Find Domains. This allows you to better filter scan results and validate the accurate ones.

To use it, go to Find Domains, add your target, and select a minimum weight to get more detailed results filtering.

Define a minimum weight in the Domain Finder

3. Get better PoCs with Sniper authenticated scans

We enhanced Sniper Auto-Exploiter with a new feature that allows you to perform authenticated scans and get even richer details about your targets for PoCs.

Sniper authenticates to your target system with the credentials you provide and extracts the artefacts as an authenticated user.

Check out the steps in our dedicated support article to learn how to use this new Sniper feature.

authenticated scans with Sniper

Hope these updates help you streamline your pentesting engagements and do more of the things you enjoy.

Get vulnerability research & write-ups

In your inbox. (No fluff. Actionable stuff only.)

Related articles

Discover our ethical hacking toolkit and all the free tools you can use!

Create free account


© 2013-2024 has a LinkedIn account it's very active on

Join over 45,000 security specialists to discuss career challenges, get pentesting guides and tips, and learn from your peers. Follow us on LinkedIn! has a YouTube account where you can find tutorials and useful videos

Expert pentesters share their best tips on our Youtube channel. Subscribe to get practical penetration testing tutorials and demos to build your own PoCs!

G2 award badge recognized as a Leader in G2’s Spring 2023 Grid® Report for Penetration Testing Software. Discover why security and IT pros worldwide use the platform to streamline their penetration and security testing workflow.

OWASP logo is a Corporate Member of OWASP (The Open Web Application Security Project). We share their mission to use, strengthen, and advocate for secure coding standards into every piece of software we develop.