Does Spring4Shell vulnerability (CVE-2022-22965) impact Stat? (4306339)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Does Spring4Shell vulnerability (CVE-2022-22965) impact Stat?
Description

Does Spring4Shell vulnerability (CVE-2022-22965) impact Stat?
Cause

Spring4Shell vulnerability (CVE-2022-22965)
Resolution

STAT product is not directly impacted by this vulnerability (resteasy-spring), but it is shipping the related jar in the product.
This jar was optional, and Stat do not require this jar. Plan is to remove this jar from the product in the next release.
Immediate solution:
Steps to remove resteasy-spring jar for 6.3
1. Stop SCA
2. Go to location <STAT_HOME>\app\modules\system\layers\base\org\jboss\as\jaxrs\main
3. Take backup of module.xml and edit module.xml. Remove following entry:
<module name="org.jboss.resteasy.resteasy-spring" optional="true"/>
4. Go to location <STAT_HOME>\app\modules\system\layers\base\org\jboss\resteasy
5. Take backup of folder resteasy-spring and then delete this folder.
6. Restart SCA
Steps to remove resteasy-spring jar for 6.2
1. Stop SCA.
2. Go to location <STAT_HOME>\app\modules\system\layers\base\org\jboss\as\jaxrs\main
3. Take backup of module.xml and edit module.xml. Remove following entry:
<module name="org.jboss.resteasy.resteasy-spring" optional="true"/>
4. Go to location <STAT_HOME>\app\modules\system\layers\base\org\jboss\resteasy
5. Take backup of folder resteasy-spring and then delete this folder.
6. Restart SCA.
Additional Information

https://mvnrepository.com/artifact/org.jboss.resteasy/resteasy-spring/3.7.0.Final

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title