Spring4Shell Statement

Nathan Pabon | 04/06/2022

A remote code execution (RCE) vulnerability dubbed “Spring4Shell” (CVE-2022-22965) has been made public on Twitter by an unknown user.

The proof of concept provided in those since-deleted Tweets demonstrates an exploit for a vulnerability in the Spring framework for Java.

It appears to affect services running Spring on Java 9 or newer, particularly those running Apache Tomcat.

LunaSec has an in-depth write-up analyzing the vulnerability and providing various mitigation methods in their blog post.

It is highly recommended that users with Apache Tomcat servers configured with the Spring Framework update to versions 5.3.18 and 5.2.20 or greater.
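One way to check an inventory against the conditions above, as an added example that is not part of the original statement or Addigy's own tooling: it classifies jar files by Spring version and Java runtime. It assumes the framework ships as a Maven-style `spring-beans-<version>.jar` and that releases newer than the 5.3 branch already include the fix; the function names, status labels and sample paths are constructed for illustration.

```python
import re

# Fixed releases named in the statement, keyed by (major, minor) branch.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

# Assumption: Maven-style names, e.g. spring-beans-5.3.17.jar or
# spring-beans-5.2.19.RELEASE.jar.
JAR_RE = re.compile(r"spring-beans-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.jar$")


def java_major(version):
    """Major Java version from '1.8.0_321' (legacy scheme) or '11.0.14' / '17'."""
    parts = re.split(r"[._+-]", version.strip())
    first = int(parts[0])
    # Legacy scheme: 1.8 means Java 8.
    return int(parts[1]) if first == 1 and len(parts) > 1 else first


def classify(jar_path, java_version):
    """Return 'not-spring-beans', 'patched', 'affected', 'outdated' or 'review'."""
    m = JAR_RE.search(jar_path)
    if not m:
        return "not-spring-beans"
    ver = tuple(int(x) for x in m.groups())
    fixed = FIXED.get(ver[:2])
    if fixed is None:
        # Assumption: branches after 5.3 carry the fix; branches before 5.2
        # have no fixed release named in the statement, so flag for review.
        return "patched" if ver[:2] > (5, 3) else "review"
    if ver >= fixed:
        return "patched"
    # Below the fixed release. The statement ties exposure to Java 9 or newer;
    # on older runtimes the jar is still behind the recommended version.
    return "affected" if java_major(java_version) >= 9 else "outdated"


def scan(jar_paths, java_version):
    """Map each spring-beans jar that is not 'patched' to its status."""
    results = {p: classify(p, java_version) for p in jar_paths}
    return {p: s for p, s in results.items()
            if s not in ("patched", "not-spring-beans")}


# Constructed sample inventory, not taken from any real host.
SAMPLE = [
    "/opt/tomcat/webapps/app/WEB-INF/lib/spring-beans-5.3.17.jar",
    "/opt/tomcat/webapps/api/WEB-INF/lib/spring-beans-5.2.20.RELEASE.jar",
    "/opt/tomcat/webapps/app/WEB-INF/lib/commons-io-2.11.0.jar",
]
```

Calling `scan(SAMPLE, "11.0.14")` returns only the 5.3.17 jar, marked `affected`.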

Addigy is not impacted by this vulnerability as it does not use Java or Tomcat in its infrastructure.

We will be closely monitoring the situation and will provide updates as needed.

Thank you,

Addigy Security Team
