https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Zero-day vulnerability discovered in Java Spring framework

Zero-day vulnerability discovered in Java Spring framework

  • Written by Robert Lemos / Dark Reading
  • 31st March 2022

A zero-day vulnerability found in the popular Java Web application development framework Spring likely puts a wide variety of Web apps at risk of remote attack, security researchers disclosed on March 30.

The vulnerability — dubbed Spring4Shell and SpringShell by some security firms — has caused a great deal of confusion over the past 24 hours as researchers struggled to determine if the issue was new, or related to older vulnerabilities. Researchers with cybersecurity services firm Praetorian and threat intelligence firm Flashpoint independently confirmed that the exploit attacks a new vulnerability, which could be exploited remotely if a Spring application is deployed to an Apache Tomcat server using a common configuration.

Spring4Shell, which has not yet been assigned a Common Vulnerabilities and Exposures (CVE) identifier, will likely require broad patching to make certain that installations are not vulnerable to remote compromise, says Richard Ford, chief technology officer for Praetorian.

“The impact is relatively broad in terms of what we know to be trivially exploitable at this point,” he says. “Even people who run [non-vulnerable configurations] will likely be recommended to patch, even though — today — we don’t have a working RCE [remote code execution] for it.”

The hands-on research by Praetorian and Flashpoint ended speculation by a variety of security professionals on social media that the proof-of-concept code actually exploited older, already patched vulnerabilities. The vulnerability targeted by the exploit is different from two previous vulnerabilities disclosed in the Spring framework this week — the Spring Cloud vulnerability (CVE-2022-22963) and the Spring Expression DoS vulnerability (CVE-2022-22950), according to researchers studying the issues.

The Retail and Hospitality ISAC also issued a statement that its researchers had confirmed the vulnerability.

Spring, which is now owned and managed by VMware, is currently working on an update, according to Praetorian. At this point, threat actors are not yet communicating about the vulnerability, Flashpoint stated in a blog post.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Applications Critical Infrastructure Cybersecurity DHS Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Security Software State & Local Government System Operation Tracking, Monitoring & Control Partner content

Most Recent


  • Dubai to use satellite IoT terminals for utility industry
    Dubai’s Electricity and Water Authority (DEWA) is collaborating with Infra X, the IT and telecommunications arm of Digital DEWA, and its British technical partner Wyld to establish IoT satellite terminals to help streamline operations and maintenance efforts. The project comes under DEWA’s Space-D programme and will connect DEWA’s water and electricity assets to nano-satellites to […]
  • VMware, airline targeted as ransomware chaos reigns
    Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline. Meanwhile, an oddball “GoodWill” variant purports to help the needy. The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on […]
  • Artificial intelligence used to detect guns at schools
    At around midday on Tuesday, May 24 an 18-year-old shooter walked into an elementary school in Uvalde, Texas and shot and killed 21 people including 19 children. It is the second worst mass school shooting in U.S. history. There have been 30 mass shootings at K-12 schools so far in 2022. “I am sick and […]
  • Restrictions on Chinese imports hurting equipment vendors working in India
    Vendors have requested a relaxation on imports from China so that domestic telecom operators can roll out upgraded networks faster. With 5G deployment around the corner, telecom equipment vendors are finding themselves in a catch-22 situation. Since the Indo-Sino clash on the Galwan border in 2020, cross-border trade with China has been severely restricted. Multinational […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • How a quantum computer actually works
  • Vulnerabilities in Rockwell Automation PLCs could enable Stuxnet-like attacks
  • IWCE 2022: The future of 5G and its implications for government organizations
  • Smart cities: Security by design? It takes a village

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Dubai to use satellite IoT terminals for utility industry dlvr.it/SRB0Jn

27th May 2022
UrgentComm

VMware, airline targeted as ransomware chaos reigns dlvr.it/SR9gBZ

27th May 2022
UrgentComm

Artificial intelligence used to detect guns at schools dlvr.it/SR8wBY

27th May 2022
UrgentComm

Restrictions on Chinese imports hurting equipment vendors working in India dlvr.it/SR8sj7

27th May 2022
UrgentComm

Infrastructure improvements in cities often feature clean energy or connected technologies dlvr.it/SR8n7G

27th May 2022
UrgentComm

Panasonic Connect launches Toughbook 40 rugged laptop dlvr.it/SR5vl2

26th May 2022
UrgentComm

Newscan: ‘Predator’ spyware let government hackers break into Chrome and Android, Google says dlvr.it/SR2lBG

25th May 2022
UrgentComm

Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems dlvr.it/SR0Qb2

24th May 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X