killchain-compendium/exploit/java/spring4shell.md

# CVE-2022-22965

* [Mitre CVE details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22965)
* Follow up to CVE-2010-1622 by circumventing the patch for the vulnerability
* RCE of `*.jsp` files through tomcat HTTP post request

* Conditions
    * > jdk9
    * Spring framework < 5.2, 5.2.0-19, 5.3.0-17
    * Apache tomcat
    * spring as WAR package
    * `spring-webvmc` or `spring-webflux` components of the spring framework
new stuff 2022-04-14 01:06:16 +02:00			`# CVE-2022-22965`

			`* [Mitre CVE details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22965)`
			`* Follow up to CVE-2010-1622 by circumventing the patch for the vulnerability`
			* RCE of `*.jsp` files through tomcat HTTP post request

			`* Conditions`
			`* > jdk9`
			`* Spring framework < 5.2, 5.2.0-19, 5.3.0-17`
			`* Apache tomcat`
			`* spring as WAR package`
			* `spring-webvmc` or `spring-webflux` components of the spring framework