ncsc-nl / spring4shell Goto Github PK
View Code? Open in Web Editor NEWOperational information regarding the Spring4Shell vulnerability in the Spring Core Framework
Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework
Atlassian has finished their investigation and updated their FAQ page to state that their products are not vulnerable.
In the software overview F5 is shown as "Not applicable" and "Not Vulnerable" for all products, but that is incorrect based on the information available; In https://support.f5.com/csp/article/K11510688 the company states that only all products related to NGINX are not affected and "not applicable", all other F5 products are still under investigation as marked with double star (**) in the table.
As per the F5 knowledge article:
** Confirmation of vulnerability or non-vulnerability is not presently available. F5 is still researching the issue for the products indicated, and will update this article with the most current information as soon as it has been confirmed. F5 Support has no additional information on this issue.
Hey NCSC-NL,
Great job on your investigation!
Just wanted to ask you if you could maybe add some Suricata coverage to the readme.md:
Kind regards,
Yassir Laaouissi
I wanted to search through https://github.com/NCSC-NL/spring4shell/blob/main/software/README.md. Searching for Vulnerable
doesn't work because of the Not Vulnerable
items.
It would be nice to change Not Vulnerable
to just Not
. Or to separate vulnerable items in a separate list.
(Btw, I'm willing to create a PR for this but unsure if you want this and in which direction so.)
See this article: https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000395541
The Control-M core products themselves are not affected, but this 'pack' is affected.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.