Apache Tomcat 8.x < 8.5.78 Spring4Shell (CVE-2022-22965) Mitigations

info Nessus Plugin ID 159462


The remote Apache Tomcat server does not have the Spring4Shell (CVE-2022-22965) mitigations.


The version of Apache Tomcat installed on the remote host is 8.x prior to 8.5.78.

This version of Apache Tomcat does not have mitigations in place to protect against Spring4Shell (CVE-2022-22965). While this does not represent a vulnerability in Apache Tomcat itself, it is recommended to update Apache Tomcat to a version with the Spring4Shell mitigations present.

Note that Nessus has not tested for the mitigations but has instead relied only on the application's self-reported version number.


Upgrade to Apache Tomcat version 8.5.78 or later.


Plugin Details

Severity: Info

ID: 159462

File Name: tomcat_8_5_78.nasl

Version: 1.2

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 4/1/2022

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Required KB Items: installed_sw/Apache Tomcat

Patch Publication Date: 4/1/2022

Vulnerability Publication Date: 3/31/2022