Spring4Shell Statement

Nathan Pabon | 04/06/2022

A remote code execution (RCE) vulnerability dubbed “Spring4Shell” (CVE-2022-22965) has been made public on Twitter by an unknown user.

The proof of concept provided in those since-deleted Tweets demonstrates an exploit for a vulnerability in the Spring framework for Java.

It appears to affect services running Spring on Java 9 or newer, particularly those running Apache Tomcat.

LunaSec has an in-depth write-up analyzing the vulnerability and providing various mitigation methods in their blog post.

It is highly recommended that users with Apache Tomcat servers configured with the Spring Framework update to versions 5.3.18 and 5.2.20 or greater.

Addigy is not impacted by this vulnerability as it does not use Java or Tomcat in its infrastructure.

We will be closely monitoring the situation and will provide updates as needed.

Thank you,

Addigy Security Team
