Forum Discussion

Product Team

4 years ago

Frequently Asked Questions about Spring4Shell Vulnerability

Frequently Asked Questions about Spring4Shell Vulnerability On March 30, there were reports about Spring4Shell, a critical zero-day vulnerability in the Spring Core Framework, a programming and ...

Cyber Exposure Alerts

scaveza

Product Team

4 years ago

Hi Keith,

This morning updates were released by Spring and our teams are working on getting plugin content available as soon as possible. We will continue to update the blog with new information and links to the plugins as they become available.

mike_jones
Connect Contributor
4 years ago
Scott,
Should we expect the plugins to be purely version based checks (patched or not), or will they includes checks for the requirements?
JDK 9 or higher
Apache Tomcat as the Servlet container
Packaged as WAR
spring-webmvc
or
spring-webflux
The difference obviously being version checks are simple but the requirements not so much :)
- scaveza
  Product Team
  4 years ago
  Hi Mike,
  Plugin ID 159374 currently is only looking at the version information. The team is looking into additional detection capabilities at this time.

Forum Discussion

Frequently Asked Questions about Spring4Shell Vulnerability

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia