“VMware Spring Cloud” Java bug gives instant remote code execution – update now! – Naked Security

VMware Spring is an open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the “server” part of the process yourself.

If you’ve heard the term serveless computingthen this is the sort of programming environment it refers to: the overall system isn’t serverless (no client-server or cloud solution could be, after all), but the programmers responsible for the data processing code can pretend that there aren ‘ t any servers when designing and coding their apps.

Simply put, you let the surrounding ecosystem do the server-centric stuff of accepting network traffic, setting up TLS connewctions, parsing HTTP requests, extracting input headers and data, deciding who’s asking for what from whom, calling the right “serverless code” ( that’s where you come in!), packaging up the results, and sending them back over the network to the initiator of the request.

You write the code that receives inputs and computes results from it, without needing to worry whether the input originated locally, arrived via your own LAN, or came in over the internet.

You do not need to worry about, or even care, what sort of server your code is running on: it could be a server of your own, set up and managed by your colleagues in IT; or a cloud instance hosted and executing on a popular cloud service provider; or both.

Related posts


Latest posts

YouAttest collaborates with JumpCloud to give users access reviews for identity governance

YouAttest announced their product integration with JumpCloud - an open directory platform that gives IT, security...

SLACIP: How to Comply with the SOCI ACT Reforms

On March 31, 2022, the Security Legislation Amendment Critical Infrastructure Protection Act 2022, also known as SLACIP, was passed by the Australian Parliament. ...

Microsoft patches the Patch Tuesday patch that broke authentication – Naked Security

Two of the big-news vulnerabilities in this month's Patch Tuesday updates from Microsoft were CVE-2022-26923 and CVE-2022-26931which affected the safety of authentication in Windows. Even...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!