Apache Text4shell Vulnerability

Released: Oct 21, 2022


Severity: High

Vendor: Apache

Vulnerability Type


Known as Text4Shell, but not yet close to Log4Shell

A vulnerability in the Apache Commons Text library that can allow an attacker to achieve Remote Code Execution (RCE) via its string interpolation. FortiGuard has added protections throughout the Security Fabric to safeguard its customers from possible attacks.

Common Vulnerabilities and Exposures

CVE-2022-42889
CVE-2022-33980

Background

Apache Commons Text is a library for performing various text operations, with values looked up through interpolators. Examples of such text operations are escaping, calculating string differences, and substituting placeholders. According to the Apache blog, the Apache Commons Text issue is different from Log4Shell (CVE-2021-44228) because the affected method is explicitly intended to perform string interpolation. Applications that use the library are less likely to inadvertently pass untrusted input without proper validation.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


13 Oct, 2022: The Apache Commons Text team disclosed CVE-2022-42889. https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om

18 Oct, 2022: The Apache Security Team posted a blog. https://blogs.apache.org/security/entry/cve-2022-42889

21 Oct, 2022: FortiGuard telemetry shows low activity on the vulnerability.

FortiGuard has added IPS, FortiADC WAF and FortiWeb WAF signatures to block any attack attempts leveraging these vulnerabilities to protect our customers. Users should upgrade vulnerable versions as recommended by the vendor and, as a best practice, properly validate and sanitize any untrusted input.
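One way to apply the input-handling advice above in application code, as an added example that is not Fortinet's or Apache's own code: untrusted data is validated and used only as values for a fixed template, never as the template itself. The class name `SafeTemplates`, the template, the keys and the allow-list pattern are assumptions made for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.text.StringSubstitutor;

/** Hypothetical helper: names, template and allow-list are assumptions for this example. */
public final class SafeTemplates {

    // The template is a trusted constant. Request data is never used as a template.
    private static final String SHIPPED = "Hello ${user}, order ${orderId} has shipped.";

    // Allow-list for values taken from untrusted input (assumed policy for this example).
    private static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9 _.-]{1,64}");

    private SafeTemplates() {}

    // Pattern to avoid, kept as a comment for contrast:
    //   StringSubstitutor.createInterpolator().replace(untrustedInput);
    // The interpolator resolves prefixed lookups in addition to plain keys, so
    // untrusted text must not reach it as the string being interpolated.

    static String requireSafe(String value) {
        if (value == null || !SAFE_VALUE.matcher(value).matches()) {
            throw new IllegalArgumentException("value rejected by allow-list");
        }
        return value;
    }

    static String render(String template, Map<String, String> values) {
        // A map-backed substitutor resolves ${key} from the supplied map only.
        StringSubstitutor sub = new StringSubstitutor(values);
        sub.setDisableSubstitutionInValues(true);      // do not re-expand ${...} inside values
        sub.setEnableSubstitutionInVariables(false);   // no nested variable names
        sub.setEnableUndefinedVariableException(true); // fail closed on unknown keys
        return sub.replace(template);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one ordinary value, one carrying placeholder syntax.
        String[] submittedNames = {"alice", "${orderId}"};
        for (String name : submittedNames) {
            try {
                Map<String, String> values = Map.of("user", requireSafe(name), "orderId", "A-1042");
                System.out.println(render(SHIPPED, values));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected input: " + e.getMessage());
            }
        }
    }
}
```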

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure
  • Decoy VM
  • Vulnerability
  • IPS
  • Web App Security

DETECT
  • Outbreak Detection
  • Threat Hunting
  • Content Update

RESPOND
RECOVER
IDENTIFY

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise