Last update: 05/04/2022
Status MOA-ID 'Spring4Shell' (CVE-2022-22965)
Dear Ladies and Gentlemen,

From the current perspective, there is no urgent need for action with the MOA-ID E-ID Proxy concerning the 'Spring4Shell' vulnerability CVE-2022-22965. Although the corresponding library is included in the MOA-ID E-ID Proxy, the MOA-ID E-ID Proxy is not affected by CVE-2022-22965 from a current perspective, because not all of the conditions required for an attack are met. In detail, the MOA-ID E-ID Proxy uses the @RequestMapping annotation but no @ModelAttribute annotation to process the request parameters. According to the Spring-MVC documentation, all parameters…
ICT security