Description
The prescribed mitigation for the Spring Framework RCE (CVE-2022-22965) is to upgrade Tomcat.
Reference: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
Yesterday we [Spring] announced a Spring Framework RCE vulnerability CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78, all of which close the attack vector on Tomcat’s side.
Issue Links
- relates to
  - JSWSERVER-21350 Tracking Resolution of Issue Described in FAQ for CVE-2022-22965 (Closed)
  - JPOSERVER-4353 Upgrade an external library to fix the vulnerability CVE-2022-22965 (Closed)