| VID |
210213 |
| Severity |
10 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78.
This version of Apache Tomcat does not have mitigations in place to protect against Spring4Shell (CVE-2022-22965). While this does not represent a vulnerability in Apache Tomcat itself, it is recommend to update Apache Tomcat to a version with the Spring4Shell mitigations present.
* References:
https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
* Platforms Affected:
Apache Tomcat Server versions 8.5.x prior to 8.5.78
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache Tomcat Server (8.5.78 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/ |
| Related URL |
CVE-2022-22965 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
