ClickCease Hackers exploit new 'Text4Shell' vulnerability

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Hackers exploit new ‘Text4Shell’ vulnerability

Obanla Opeyemi

October 31, 2022 - TuxCare expert team

Wordfence, a WordPress security company, has uncovered attempts by hackers to exploit the new Text4Shell vulnerability. Tracked as CVE-2022-42889 the flaw was discovered in Apache Commons Text.

The vulnerability was discovered in March 2022 by GitHub Security Labs researcher Alvaro Munoz.

The vulnerability allows Remote Code Execution (RCE) in Apache Commons Text. The “Common Text” library is commonly used in a variety of applications and this could be the reason for the media frenzy.

The bug affects the Apache Commons Text Java library, which provides other methods for working with strings that go beyond the core of Java.

The vulnerability has a severity of 9.8 out of a possible 10.0 and affects versions 1.5 to 1.9 of the library. Once the vulnerability is successfully exploited, an attacker can establish a reverse shell connection with the vulnerable application by simply using a specially crafted payload, which ultimately opens the door to subsequent attacks.

“The attacker can send a crafted payload remotely using ‘script,’ ‘dns,’ and ‘url’ lookups to achieve arbitrary remote code execution,” explained the Zscaler ThreatLabZ team.

According to security experts, Text4Shell is similar to the popular Log4Shell vulnerability. Just like Log4Shell, Text4Shell is rooted in the way string substitutions are performed during DNS, script, and URL searches, which could lead to the execution of arbitrary code on vulnerable systems if untrusted input is passed.

However, Wordfence explained that the chances of successful exploitation are considerably limited compared to Log4j, as most of the payloads observed so far are designed to look for vulnerable installations.

“Fortunately, not all users of this library would be affected by this vulnerability – unlike Log4j in the Log4Shell vulnerability, which, which was vulnerable even in its most basic use-cases. Apache Commons Text must be used in a certain way to expose the attack surface and make the vulnerability exploitable,” said Checkmarx researcher Yaniv Nizry.

The bug highlights another drawback and security risk posed by third-party open-source dependencies. Therefore, it is important for organizations to perform routine checks to evaluate their attack surface and establish appropriate patch management strategies.

The sources for this piece include an article in TheHackerNews.

Summary
Hackers exploit new 'Text4Shell' vulnerability
Article Name
Hackers exploit new 'Text4Shell' vulnerability
Description
Wordfence, a WordPress security company, has uncovered attempts by hackers to exploit the new Text4Shell vulnerability. Tracked as CVE-2022-42889 the flaw was discovered in Apache Commons Text.
Author
Publisher Name
Tuxcare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023