So-called Text4Shell, but not nearly as severe as Log4Shell
A vulnerability in the Apache Commons Text library that can allow an attacker to achieve Remote Code Execution (RCE) through its string interpolation. FortiGuard has added protections throughout the Security Fabric to safeguard its customers from possible attacks.
Background
Apache Commons Text is a library for performing various text operations, with values looked up through interpolators. Examples of such text operations are escaping, calculating string differences, and substituting placeholders. According to the Apache blog, the Apache Commons Text issue is different from Log4Shell (CVE-2021-44228) because the affected method is explicitly intended to perform string interpolation. Applications that use the library are therefore less likely to inadvertently pass untrusted input to it without proper validation.
Latest Development
13 Oct, 2022: The Apache Commons Text team disclosed CVE-2022-42889. https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
18 Oct, 2022: The Apache Security Team posted a blog. https://blogs.apache.org/security/entry/cve-2022-42889
21 Oct, 2022: FortiGuard telemetry shows low activity on the vulnerability.
FortiGuard has added IPS, FortiADC WAF and FortiWeb WAF signatures to block attack attempts leveraging this vulnerability and protect our customers. Users should upgrade vulnerable versions as recommended by the vendor and, as a best practice, properly validate and sanitize any untrusted input before it reaches the interpolator.
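The following Java snippet is an added example, not FortiGuard's or the Apache project's code, illustrating the interpolation behaviour described in the Background section and the input-validation advice above: it contrasts the default interpolator with a substitutor restricted to an explicit map, plus a simple check that rejects untrusted templates carrying any lookup prefix. Affected releases (1.5 through 1.9) and the 1.10.0 fix are taken from the Apache advisory; the sample values and the class name are constructed for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookupFactory;

public class SafeSubstitution {

    // Matches a variable that carries a lookup prefix, e.g. "${anything:...}".
    // Plain "${name}" references do not match.
    private static final Pattern PREFIXED_VAR = Pattern.compile("\\$\\{[^}]*:");

    /**
     * Risky pattern: the default interpolator. In Commons Text 1.5 through 1.9 it
     * registers the "script", "dns" and "url" lookups, so a template taken from an
     * untrusted source can trigger code execution or outbound requests. 1.10.0 no
     * longer enables those three by default, but the interpolator still resolves
     * system properties, environment variables and other lookups.
     */
    static String interpolateWithDefaults(String template) {
        return StringSubstitutor.createInterpolator().replace(template);
    }

    /**
     * Hardened pattern: substitute only from an explicit map. A prefixed variable
     * such as "${sys:user.home}" is looked up as a literal map key, finds nothing,
     * and is left in the output unchanged; no lookup implementation is consulted.
     */
    static String substituteFromMap(String template, Map<String, String> values) {
        StringSubstitutor sub = new StringSubstitutor(
                StringLookupFactory.INSTANCE.mapStringLookup(values));
        return sub.replace(template);
    }

    /** Input validation: reject untrusted templates that use any lookup prefix. */
    static boolean isAcceptableTemplate(String untrusted) {
        return untrusted != null && !PREFIXED_VAR.matcher(untrusted).find();
    }

    public static void main(String[] args) {
        // Constructed sample values the application chooses to expose to templates.
        Map<String, String> values = Map.of("user", "alice", "region", "eu-west-1");

        String trusted = "Hello ${user}, your data lives in ${region}.";
        System.out.println(substituteFromMap(trusted, values));

        // A template arriving from a request parameter: the check fails because it
        // carries a prefix, and the map-only substitutor leaves it unresolved anyway.
        String untrusted = "Hello ${sys:user.home}";
        System.out.println(isAcceptableTemplate(untrusted));
        System.out.println(substituteFromMap(untrusted, values));
    }
}
```

Build against commons-text 1.10.0 or later; the interpolateWithDefaults method is shown only to make the contrast explicit and should not be fed untrusted templates on any version.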