Oracle Releases 349 New Security Patches With July 2022 CPU

Oracle Releases 349 New Security Patches With July 2022 CPU

Home › Vulnerabilities Oracle Releases 349 New Security Patches With July 2022 CPU By Ionut Arghire on July 20, 2022 Tweet Oracle on Tuesday announced that a total of 349 new security patches have been released as part of its July 2022 Critical Patch Update (CPU), including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers. This month’s CPU includes security…

View On WordPress

Vulnerabilidad zero-day en Java Spring

Fecha de publicación: 31/03/2022 Nivel de peligrosidad: CRÍTICO

El CCN-CERT, del Centro Criptológico Nacional, avisa de la publicación de dos vulnerabilidades, una de ellas de tipo zero-day, que afecta a Java Spring.

Se ha hecho pública una vulnerabilidad de tipo zero-day que afecta al framework Spring Core Java, plataforma de código abierto que proporciona soporte de infraestructura integral para desarrollar aplicaciones Java, muy popular entre los desarrolladores de software.

Esta vulnerabilidad, catalogada como crítica, a la que se le ha denominado Spring4Shell y asignado el CVE-2022-22965, fue notificada el pasado 29 de marzo por esta web de ciberseguridad china.

Attackers are actively exploiting the #Spring4Shell #vulnerabilities disclosed earlier this month to spread the #Mirai #botnet...

https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html

Spring4Shell Vulnerability 

Read complete blog here - https://redfoxsec.com/blog/spring4shell-vulnerability/

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

Source: https://thehackernews.com/2022/04/hackers-exploiting-spring4shell.html

More info: https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html

They fucking killed a gnome in my yard

[Media] ​​Spring4Shell

​​Spring4Shell https://github.com/Loneyers/Spring4Shell

RT @TheHackersNews: Hackers are exploiting recently disclosed critical Spring4Shell #vulnerability to execute the Mirai botnet. Read details: https://t.co/HRbVDPwBf9 #infosec #hackernews #hacking #IoT #malware. (via Twitter https://twitter.com/TheHackersNews/status/1513125643315134464)

14 VULNERABILIDADES CRÍTICAS CORREGIDAS EN DIFERENTES PRODUCTOS DE SAP: ACTUALICE PRONTO

14 VULNERABILIDADES CRÍTICAS CORREGIDAS EN DIFERENTES PRODUCTOS DE SAP: ACTUALICE PRONTO

En su más reciente paquete de parches de seguridad, SAP incluyó ocho correcciones para diversas fallas, incluyendo tres parches para abordar la vulnerabilidad identificada como Spring4Shell, explotada de forma activa. Identificada como CVE-2022-22965, la vulnerabilidad reside en el marco Spring Java y su explotación permitiría desplegar ataques de ejecución remota de código (RCE). Después de…

View On WordPress

Spring4Shell: evaluación del riesgo

Spring4Shell: evaluación del riesgo

Cuando una vulnerabilidad significativa como Spring4Shell se descubre, ¿cómo determina si está en riesgo? Los servicios de seguros o verificación pueden requerir que ejecute pruebas externas en las propiedades web. Estos informes a menudo muestran exposiciones falsas que pueden o no generar más problemas en su sitio web. Debe investigar los informes de falsos positivos e informar a la gerencia si…

View On WordPress

Explaining Spring4Shell: The Internet security disaster that wasn’t

Explaining Spring4Shell: The Internet security disaster that wasn’t

Getty Images Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug is in the widely used Spring Java framework—the threat quickly set the security world on fire as researchers…

View On WordPress

Explaining Spring4Shell: The Internet security disaster that wasn’t

Explaining Spring4Shell: The Internet security disaster that wasn’t

Getty Images Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug is in the widely used Spring Java framework—the threat quickly set the security world on fire as researchers…

View On WordPress

SAP Releases Patches for Spring4Shell Vulnerability

SAP Releases Patches for Spring4Shell Vulnerability

German software maker SAP announced on Tuesday that more than 30 new and updated security notes were released on its April 2022 Security Patch Day, including notes that deal with the Spring4Shell vulnerability. read morehttp://dlvr.it/SNVKQt

View On WordPress

[Media] ​​Spring4shell CVE-2022-22965

​​Spring4shell CVE-2022-22965 A python implementation of CVE-2022-22965 that provides a prompt to the user in the style of an ssh session. This script is designed to be easy to understand and execute, with both readability and accessbility - depending on the user's choice. Designed for exploiting the vulnerability on tomcat servers. The fileDateFormat field on the server will be set and unset as part of the script which allows the exploit to be run multiple times. Cleanup may be required. https://github.com/p1ckzi/CVE-2022-22965 Research: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965