Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

31 March 2022

A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another vulnerability tracked as CVE-2010-1622, enabling an unauthenticated attacker to execute arbitrary code on the target system.

Read full article on The Hacker News

Date:

31 March 2022

Categorie(s):

NEWS

Tag(s):

0-Day, Application Framework, Bug, Frameworks, Open Source

What Are The Best Free VPN Services For Ukraine?6 May 2024
BlackBasta claims Synlab attack, leaks some stolen documents6 May 2024
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components6 May 2024
Change Healthcare Ransomware Attack: A chronological timeline6 May 2024
Can AI tools help reduce Zoom fatigue?6 May 2024