https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50322#M502 <P>Hi All</P><P>&nbsp;</P><P>It looks like another Spring for Java development has sprung up, even though it is Autumn in the Southern Hemisphere.&nbsp; It looks very much another extension to Log4J and Spring for Cloud with serious consequences.</P><P>&nbsp;</P><P><A href="https://threatpost.com/critical-rce-bug-spring-log4shell/179173/" target="_blank" rel="noopener">https://threatpost.com/critical-rce-bug-spring-log4shell/179173/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:08:31 GMT Caute_cautim 2023-10-09T10:08:31Z https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50322#M502 <P>Hi All</P><P>&nbsp;</P><P>It looks like another Spring for Java development has sprung up, even though it is Autumn in the Southern Hemisphere.&nbsp; It looks very much another extension to Log4J and Spring for Cloud with serious consequences.</P><P>&nbsp;</P><P><A href="https://threatpost.com/critical-rce-bug-spring-log4shell/179173/" target="_blank" rel="noopener">https://threatpost.com/critical-rce-bug-spring-log4shell/179173/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:08:31 GMT https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50322#M502 Caute_cautim 2023-10-09T10:08:31Z https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50365#M505 <P>Yes, will be another busy week.... there are 2 related CVEs and the RCE is really bad, even worst than the log4shell</P><P>&nbsp;</P><P><A href="https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/" target="_blank">https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/</A></P><P>&nbsp;</P><P>virtual patching and patching...</P><P>&nbsp;</P> Fri, 01 Apr 2022 15:18:30 GMT https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50365#M505 csjohnng 2022-04-01T15:18:30Z https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50381#M506 <P data-unlink="true">Here is an analysis (one of many out there) that describes the similarities with Log4j. This one describes the <A href="https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/" target="_blank" rel="noopener">exploit scenario</A> associated with Spring Core and the dependencies&nbsp;</P> Sat, 02 Apr 2022 12:50:43 GMT https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50381#M506 AppDefects 2022-04-02T12:50:43Z https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50432#M515 <P>HI All</P><P>&nbsp;</P><P>This is a follow up to to my original piece - it appears the number of systems affected is far greater than organisations anticipated.&nbsp;&nbsp; Some sleepless nights for many.</P><P>&nbsp;</P><P><A href="https://www.darkreading.com/application-security/vulnerable-spring-framework-instances-estimated-at-possibly-millions" target="_blank">https://www.darkreading.com/application-security/vulnerable-spring-framework-instances-estimated-at-possibly-millions</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 07 Apr 2022 06:11:38 GMT https://community.isc2.org/t5/Threats/Spring4Shell-Bug-yes-another-Log4J-issue/m-p/50432#M515 Caute_cautim 2022-04-07T06:11:38Z