Caute_cautim
Community Champion

Spring4Shell Bug - yes another Log4J issue

Hi All

 

It looks like another Spring for Java development has sprung up, even though it is Autumn in the Southern Hemisphere. It looks very much like another extension to Log4J and Spring for Cloud with serious consequences.

 

https://threatpost.com/critical-rce-bug-spring-log4shell/179173/

 

Regards

 

Caute_Cautim

3 Replies
csjohnng
Community Champion

Yes, will be another busy week.... there are 2 related CVEs and the RCE is really bad, even worse than the log4shell

 

https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/

 

virtual patching and patching...

 

John
AppDefects
Community Champion

Here is an analysis (one of many out there) that describes the similarities with Log4j. This one describes the exploit scenario associated with Spring Core and the dependencies 

Caute_cautim
Community Champion

Hi All

 

This is a follow-up to my original piece - it appears the number of systems affected is far greater than organisations anticipated. Some sleepless nights for many.

 

https://www.darkreading.com/application-security/vulnerable-spring-framework-instances-estimated-at-...

 

Regards

 

Caute_Cautim