Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

31 March 2022

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system.

Read full article on The Hacker News

Date:

31 March 2022

Categorie(s):

NEWS

Tag(s):

0-Day, Application Framework, Bug, Frameworks, Open Source

Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia15 November 2024
Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores15 November 2024
How AI Is Transforming IAM and Identity Security15 November 2024
Top Applications of Robotic Process Automation in Cybersecurity15 November 2024
AI is dumber than you think15 November 2024