Page History
[updated on 2022 04 04 1822 16:00 GMT+1]
For more information, see the Spring blog and CVE-2022-22965.
...
Change log
Timestamp | Description |
---|---|
2022 04 22 16:00 GMT+1 | Added Remediation option for Collaboration tools 2021x GA version. |
2022 04 04 18:00 GMT+1 | First publication. Collaboration tools affected, see Remediation. |
Spring Framework versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19, which are affected by Spring4Shell, are part of the following products. Action to perform:
...
d. compress the content of extracted webapp.war file
e. rename .zip with the webapp.war
f. replace original webapp.war file with modified one in <webapp.install.dir>/webapps
g. start WebApp service.
Remediation instructions for collaboration tools (Magic Collaboration Studio, Teamwork Cloud, Cameo Collaborator for Teamwork Cloud) 2021x GA
Before starting the remediation, download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
The files required for the remediation are in the spring-framework-5.3.18/libs folder.
- Stop WebApp service
- Go to <webapp.install.dir>/webapps
- Delete folder webapp/
- Copy webapp.war file to a temp directory. In the temp directory:
a. unzip webapp.war file
b. go to webapp/WEB-INF/lib
c. perform the modification:
Jar file to delete | Replace with |
---|---|
spring-aop-5.2.5.jar | spring-aop-5.3.18.jar |
spring-beans-5.2.5.jar | spring-beans-5.3.18.jar |
spring-context-5.2.5.jar | spring-context-5.3.18.jar |
spring-context-support-5.2.5.jar | spring-context-support-5.3.18.jar |
spring-core-5.2.5.jar | spring-core-5.3.18.jar |
spring-expression-5.2.5.jar | spring-expression-5.3.18.jar |
spring-jcl-5.2.5.jar | spring-jcl-5.3.18.jar |
spring-web-5.2.5.jar | spring-web-5.3.18.jar |
spring-webmvc-5.2.5.jar | spring-webmvc-5.3.18.jar |
d. compress the content of extracted webapp.war file
e. rename .zip with the webapp.war
f. replace original webapp.war file with modified one in <webapp.install.dir>/webapps
g. start WebApp service.
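A check to run on the rebuilt webapp.war before step f, given here as an added example and not part of the vendor's instructions: it confirms that no Spring jar in the affected ranges remains, that all nine 5.3.18 replacements are present, and that WEB-INF sits at the archive root (it will not if the webapp/ folder itself was compressed in step d). The names `audit_war` and `make_war` are hypothetical, the check goes by jar file name only, and the sample WAR is constructed in memory.

```python
import io
import re
import zipfile

# Affected ranges as stated on this page: 5.3.0-5.3.17 and 5.2.0-5.2.19.
AFFECTED = {(5, 3): 17, (5, 2): 19}
# The nine modules from the replacement table, and the fixed version.
MODULES = ["aop", "beans", "context", "context-support", "core",
           "expression", "jcl", "web", "webmvc"]
FIXED = "5.3.18"
JAR_RE = re.compile(
    r"^(.*/)?WEB-INF/lib/spring-([a-z-]+)-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def audit_war(war):
    """Return findings for a WAR (path or file object); empty list means clean."""
    findings, seen = [], {}
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.match(name)
            if not m:
                continue
            prefix, module = m.group(1), m.group(2)
            major, minor, patch = (int(g) for g in m.group(3, 4, 5))
            if prefix:  # e.g. the webapp/ folder itself was zipped
                findings.append(f"misplaced: {name}")
            seen.setdefault(module, []).append(f"{major}.{minor}.{patch}")
            limit = AFFECTED.get((major, minor))
            if limit is not None and patch <= limit:
                findings.append(f"affected: {name}")
    for module in MODULES:
        versions = sorted(seen.get(module, []))
        if FIXED not in versions:
            findings.append(f"missing: spring-{module}-{FIXED}.jar")
        elif len(versions) > 1:
            findings.append(f"duplicate: spring-{module} {versions}")
    return findings


def make_war(jar_names, prefix=""):
    """Build a constructed sample WAR in memory (empty placeholder jars)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for jar in jar_names:
            zf.writestr(f"{prefix}WEB-INF/lib/{jar}", b"")
    return buf


if __name__ == "__main__":
    print(audit_war(make_war([f"spring-{m}-5.2.5.jar" for m in MODULES])))
```

For a real file, call `audit_war("webapp.war")` in the temp directory; an empty list means the archive matches the table above.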
...