Blog Security Mitigating Spring Core “Spring4Shell” Zero-Day Blog Overview \r\n On March 30, 2022, the security community became widely aware of vulnerabilities related to Spring, the popular open-source Java framework. Akamai’s Adaptive Security Engine was able to detect zero-day attacks on this vulnerability, and Akamai customers are protected (see more details below). \r\n The vulnerability disclosure timeline and other informally reported information unfortunately created confusion about what’s happening, so we wanted to update customers and other interested stakeholders on the situation. \r\n There are two separate vulnerabilities related to Spring products: \r\n \r\n CVE-2022-22963 was a vulnerability in Spring Cloud Function (open source serverless technology) that was patched on March 24, and public exploits were made available. (Note: We have a separate blog on this vulnerability.) \r\n \r\n \r\n \r\n Another vulnerability in Spring Core , dubbed “Spring4Shell,” assigned CVE-2022-22965.…