<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

Hello,

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">I hope everyone is doing well!</div>

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">Below is the entry for today.</div>

<div><br class="ContentPasted0">

</div>

<div class="ContentPasted0">10/21/2022 - Diary entry #616:</div>

<div><br class="ContentPasted0">

</div>

<blockquote style="margin-top:0;margin-bottom:0">

<div class="ContentPasted0 ContentPasted1">Early this week, a new remote code execution vulnerability called Text4Shell was disclosed. Tracked as CVE-2022-42889, this new flaw affects the open-source Apache Commons Text, a library that provides additions to

 the standard JDK's (Java Development Kit) text handling.

<div><br class="ContentPasted1">

</div>

<div class="ContentPasted1">Although this flaw is critical, with a CVSS score (Common Vulnerability Scoring System) of 9.8, it should not be compared with the Log4Shell vulnerability (that affected the Log4J logging library), covered by many of our Daily Diaries

 due to its huge impact. In that case, the string interpolation that resulted in code execution was possible directly from the log message body, which usually contains untrusted input.</div>

<div><br class="ContentPasted1">

</div>

<div class="ContentPasted1">To exploit Text4Shell and achieve code execution, an attacker needs to send a malicious input to an endpoint that explicitly uses the library’s StringSubstitutor API without properly sanitizing any untrusted input. Because of that,

 the chances of successful exploitation are significantly lower than Log4Shell.</div>

<div><br class="ContentPasted1">

</div>

<div class="ContentPasted1">However, exploits attempts were already observed in the wild, most of them are scanning for vulnerable hosts that would send a request to the attacker’s controlled domain in case the vulnerability is successfully triggered.</div>

<div><br class="ContentPasted1">

</div>

To protect against Text4Shell and fix the issue, impacted applications should have the Apache Commons Text library updated to the latest version (1.10.0).<br>

</div>

</blockquote>

<div><br class="ContentPasted0">

</div>

Kind Regards,<br>

</div>

<div class="elementToProof">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div id="Signature">

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<table style="font-size:medium; font-family:"Times New Roman"">

<tbody>

<tr>

<td style="width:180px" align="left">

<table width="120" align="left">

<tbody>

<tr>

<td colspan="3" align="center"><a href="https://www.appgate.com/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>

</tr>

<tr>

<td colspan="3" align="center"> </td>

</tr>

<tr>

<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="18" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>

<td width="28%"><a href="https://twitter.com/AppgateSecurity" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="20" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>

<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="width: 26px; height: 18px; max-width: initial;" width="26" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>

</tr>

</tbody>

</table>

<p style="margin-top:0px; margin-bottom:0px"> </p>

</td>

<td colspan="2" rowspan="2" style="width:350px">

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

<strong>MART</strong><br>

</p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

Malware Analysis and Research Team<br>

<strong>Appgate</strong></p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

E:<span style="margin:0px"> <a href="mailto:ctas-mat@appgate.com" title="mailto:ctas-mat@appgate.com">

ctas-mat@appgate.com</a></span><br>

</p>

<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">

<br>

<span style="margin:0px; background-color:white"></span></p>

</td>

</tr>

</tbody>

</table>

<br>

</div>

</div>

</div>

</div>

</body>

</html>