15 lines
436 B
Markdown
15 lines
436 B
Markdown
# CVE-2022-22965
|
|
|
|
* [Mitre CVE details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-22965)
|
|
* Follow up to CVE-2010-1622 by circumventing the patch for the vulnerability
|
|
* RCE of `*.jsp` files through tomcat HTTP post request
|
|
|
|
* Conditions
|
|
* > jdk9
|
|
* Spring framework < 5.2, 5.2.0-19, 5.3.0-17
|
|
* Apache tomcat
|
|
* spring as WAR package
|
|
* `spring-webvmc` or `spring-webflux` components of the spring framework
|
|
|
|
|