Korean
<< Back
VID 210215
Severity 10
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The version of Apache Tomcat installed on the remote host is 9.x prior to 9.0.62.

This version of Apache Tomcat does not have mitigations in place to protect against Spring4Shell (CVE-2022-22965). While this does not represent a vulnerability in Apache Tomcat itself, it is recommend to update Apache Tomcat to a version with the Spring4Shell mitigations present.

* References:
https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative

* Platforms Affected:
Apache Tomcat Server versions 9.0.x prior to 9.0.62
Any operating system Any version
Recommendation Upgrade to the latest version of Apache Tomcat Server (9.0.62 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/
Related URL CVE-2022-22965 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)