- Bug
- Resolution: Fixed
- Low
- 8.13.19, 8.20.7, 8.22.1
- None
- 8.13
- Severity 1 - Critical
Upgrade Tomcat to version 8.5.78 - CVE-2022-22965 (Spring Framework RCE)
The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.
Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78 all of which close the attack vector on Tomcat’s side.
- relates to
  - JSWSERVER-21350 Tracking Resolution of Issue Described in FAQ for CVE-2022-22965 (Closed)
  - JPOSERVER-4353 Upgrade an external library to fix the vulnerability CVE-2022-22965 (Closed)