Burp Suite User Forum

Login to post

Regarding Spring4Shell zero day

| Last updated: Apr 06, 2022 11:11AM UTC

Hi, Could you please share the input on the below concern: 1) Does Burp Suite has the capability (or any extension) to scan & identify the Spring4Shell zero day vulnerability, if not by when we can expect an update for this capability in Burp Suite? Thank you,

Ben, PortSwigger Agent | Last updated: Apr 07, 2022 03:09PM UTC

Hi, We do not have any native checks in the Burp Scanner to specifically check for this vulnerability - historically speaking we also do not generally add checks for specific vulnerabilities like this. We are also not currently hosting any extensions in our BApp Store that would check specifically for this vulnerability. There might be Burp extensions that have been created by users to check for this vulnerability that have not been put forward to be included in our BApp Store. We would, however, be unable to recommend any at this point in time (the extensions hosted in our BApp Store go through a quality checking process to ensure that they work as expected and are safe to use). An alternative might be to use an existing extension, such as the Burp Bounty extension, to add your own specific check for this vulnerability.

You need to Log in to post a reply. Or register here, for free.