# CVE-2022-22965

* [Mitre CVE details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22965)
* Follow up to CVE-2010-1622 by circumventing the patch for the vulnerability
* RCE of `*.jsp` files through tomcat HTTP post request

* Conditions
    * > jdk9
    * Spring framework < 5.2, 5.2.0-19, 5.3.0-17
    * Apache tomcat
    * spring as WAR package
    * `spring-webvmc` or `spring-webflux` components of the spring framework