Forum Discussion

Product Team

4 years ago

Frequently Asked Questions about Spring4Shell Vulnerability

Frequently Asked Questions about Spring4Shell Vulnerability On March 30, there were reports about Spring4Shell, a critical zero-day vulnerability in the Spring Core Framework, a programming and ...

Cyber Exposure Alerts

mike_jones

Connect Contributor

4 years ago

Scott,

Should we expect the plugins to be purely version based checks (patched or not), or will they includes checks for the requirements?

JDK 9 or higher
Apache Tomcat as the Servlet container
Packaged as WAR
spring-webmvc

spring-webflux

The difference obviously being version checks are simple but the requirements not so much :)

scaveza

Product Team

4 years ago

Hi Mike,

Plugin ID 159374 currently is only looking at the version information. The team is looking into additional detection capabilities at this time.

Forum Discussion

Frequently Asked Questions about Spring4Shell Vulnerability

Recent Discussions

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)

Americas

Europe

Asia / Australia