Spring4Shell Statement

Nathan Pabon | 04/06/2022

A remote code execution (RCE) vulnerability dubbed “Spring4Shell” (CVE-2022-22965) has been made public on Twitter by an unknown user.

The proof of concept provided in those since-deleted Tweets demonstrates an exploit for a vulnerability in the Spring framework for Java.

It appears to affect services running Spring on Java 9 or newer, particularly those running Apache Tomcat.

LunaSec has an in-depth write-up analyzing the vulnerability and providing various mitigation methods in their blog post.

It is highly recommended that users with Apache Tomcat servers configured with the Spring Framework update to versions 5.3.18 and 5.2.20 or greater.

Addigy is not impacted by this vulnerability as it does not use Java or Tomcat in its infrastructure.

We will be closely monitoring the situation and will provide updates as needed.

Thank you,

Addigy Security Team
