[MART] - Daily Diary #616 - Text4Shell Vulnerability

ctas-mat at appgate.com ctas-mat at appgate.com
Fri Oct 21 23:01:20 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

10/21/2022 - Diary entry #616:

Early this week, a new remote code execution vulnerability called Text4Shell was disclosed. Tracked as CVE-2022-42889, this new flaw affects the open-source Apache Commons Text, a library that provides additions to the standard JDK's (Java Development Kit) text handling.

Although this flaw is critical, with a CVSS (Common Vulnerability Scoring System) score of 9.8, it should not be compared with the Log4Shell vulnerability, which affected the Log4j logging library and was covered by many of our Daily Diaries due to its huge impact. In that case, the string interpolation that resulted in code execution was possible directly from the log message body, which usually contains untrusted input.

To exploit Text4Shell and achieve code execution, an attacker needs to send malicious input to an endpoint that explicitly uses the library’s StringSubstitutor API without properly sanitizing untrusted input. Because of that, the chances of successful exploitation are significantly lower than with Log4Shell.

However, exploit attempts have already been observed in the wild. Most of them scan for vulnerable hosts, which would send a request to an attacker-controlled domain if the vulnerability is successfully triggered.

To protect against Text4Shell and fix the issue, impacted applications should have the Apache Commons Text library updated to the latest version (1.10.0).

Kind Regards,




Malware Analysis and Research Team

E: ctas-mat at appgate.com
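
A dependency check for the remediation described above, as an added example that is not part of the original diary entry. It flags Apache Commons Text versions older than 1.10.0 in jar file names and in a pom.xml, comparing versions as integer tuples because a plain string comparison ranks "1.9" above "1.10.0". The function names and the sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 10, 0)  # release the diary entry says to update to
JAR_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def parse_version(text):
    """'1.9' -> (1, 9, 0). Integer tuples avoid the string trap '1.9' > '1.10.0'."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(version_text):
    v = parse_version(version_text)  # None: unresolved property or managed elsewhere
    return "unknown" if v is None else ("update" if v < FIXED else "ok")

def jar_findings(paths):
    """Classify commons-text jars by the version embedded in the file name."""
    hits = (JAR_RE.search(p) for p in paths)
    return [(h.group(1), status(h.group(1))) for h in hits if h]

def pom_findings(pom_xml):
    """Classify commons-text dependencies declared in one pom.xml string."""
    root = ET.fromstring(pom_xml)
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    props = {p.tag[len(ns):]: (p.text or "").strip()
             for p in root.findall(f"{ns}properties/*")}
    found = []
    for dep in root.iter(f"{ns}dependency"):
        coords = (dep.findtext(f"{ns}groupId"), dep.findtext(f"{ns}artifactId"))
        if coords != ("org.apache.commons", "commons-text"):
            continue
        raw = (dep.findtext(f"{ns}version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", raw)
        if ref:  # resolve ${property} against <properties> in the same file
            raw = props.get(ref.group(1), raw)
        found.append((raw, status(raw)))
    return found

# Added example: the sample inputs below are constructed, not from a real project.
SAMPLE_JARS = ["app/lib/commons-text-1.9.jar", "BOOT-INF/lib/commons-text-1.10.0.jar",
               "lib/commons-lang3-3.12.0.jar"]
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><commons-text.version>1.9</commons-text.version></properties>
  <dependencies><dependency><groupId>org.apache.commons</groupId>
    <artifactId>commons-text</artifactId><version>${commons-text.version}</version>
  </dependency></dependencies></project>"""
```

A result of "unknown" means the version is not stated in the file itself (for example, inherited from a parent POM) and has to be resolved by the build tool before the dependency can be cleared.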
