The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.
Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78, all of which close the attack vector on Tomcat’s side.
- relates to
  - JSWSERVER-21350 Tracking Resolution of Issue Described in FAQ for CVE-2022-22965 (Closed)
  - JPOSERVER-4353 Upgrade an external library to fix the vulnerability CVE-2022-22965 (Closed)