Published Aug 27, 2019 | Updated May 12, 2022

Backdoor:PHP/Remoteshell.V

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Microsoft Defender Antivirus detects and removes this threat.

This threat exploits the CVE-2022-22965 vulnerability in the Java Spring Framework. Attackers might be attempting to gain access to the target device and run arbitrary code. This vulnerability allows remote attackers to obtain an AccessLogValve object through the framework’s parameter binding features and create a web shell in the Tomcat root directory.

Read the following blog for more information:

Microsoft Defender Antivirus automatically removes threats as they are detected. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions, and run a full scan to remove this threat.

Apply the following mitigations to reduce the impact of this threat:

  1. A patch is available for CVE-2022-22965. Administrators should upgrade to version 5.3.18 or later, or 5.2.19 or later. If the patch is applied, no other mitigation is necessary.
  2. If you are unable to patch CVE-2022-22965, implement the set of workarounds published by Spring.
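As an added illustration (not part of this Microsoft page), the following is the data-binder workaround Spring published for applications that cannot yet upgrade: a global `@ControllerAdvice` that refuses to bind request parameters whose names traverse `class`/`Class`, which closes the parameter-binding path the summary describes. The package and class names are my own choice; patching remains the complete fix.

```java
package example.spring4shell; // hypothetical package name for this example

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Applies to every controller's WebDataBinder because it is declared in a
 * @ControllerAdvice rather than in one controller. Any controller that calls
 * setDisallowedFields() in its own @InitBinder replaces this list, so such
 * controllers must repeat these patterns themselves.
 */
@ControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE)
public class BinderControllerAdvice {

    @InitBinder
    public void setDisallowedFields(WebDataBinder dataBinder) {
        // Request parameters matching these patterns are never bound to the
        // target object. "class.*" blocks a property path that starts at the
        // bound object's getClass(); "*.class.*" blocks the same traversal
        // reached through a nested property. Both capitalisations are listed
        // so the block does not depend on how case is handled when matching.
        String[] denylist = {"class.*", "Class.*", "*.class.*", "*.Class.*"};
        dataBinder.setDisallowedFields(denylist);
    }
}
```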

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
