As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Spring4Shell Risk Mitigation
ThreadFix Spring4Shell Vulnerability Response
The National Vulnerability Database has identified a high risk exploit, Spring4Shell, which affects applications running Tomcat as a WAR deployment. For more information refer to CVE-2022-22965. In response Coalfire has tested ThreadFix to assess risk and mitigation options. Users should update their version of Tomcat to the latest version in addition to upgrading to ThreadFix version 2.8.6 which further mitigates risk of exposure and provides an additional security enhancement. At a minimum, ThreadFix recommends all users update their version of Tomcat to version 8.5.78 to safeguard against exposure.
Tomcat Update and Migration Guides
April 2022 Update
ThreadFix version 2.8.6 addresses the Spring4Shell vulnerability, note the download file and release notes below:
If you have any questions or concerns please reach out to our support team at support@threadfix.it.
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.