VID: 210214
Severity: 10
Port: 80, ...
Protocol: TCP
Class: WWW

Detailed Description:
The version of Apache Tomcat installed on the remote host is 10.x prior to 10.0.20.
This version of Apache Tomcat does not have mitigations in place to protect against Spring4Shell (CVE-2022-22965). While this does not represent a vulnerability in Apache Tomcat itself, it is recommended to update Apache Tomcat to a version with the Spring4Shell mitigations present.
* References: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
* Platforms Affected: Apache Tomcat Server versions 10.0.x prior to 10.0.20; any operating system; any version

Recommendation:
Upgrade to the latest version of Apache Tomcat Server (10.0.20 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/

Related URL: CVE-2022-22965 (CVE)
Related URL: (SecurityFocus)
Related URL: (ISS)