"Hackers Started Exploiting Critical 'Text4Shell' Apache Commons Text Vulnerability"

Wordfence, a WordPress security company, announced that on October 18, 2022, it began detecting exploitation attempts targeting the newly disclosed Apache Commons Text flaw. The vulnerability, CVE-2022-42889, also known as Text4Shell, has been assigned a CVSS severity rating of 9.8 and affects versions 1.5 through 1.9 of the library. It is similar to the Log4Shell vulnerability in that string substitutions performed during DNS, script, and URL lookups can lead to the execution of arbitrary code on vulnerable systems when untrusted input is passed. Successful exploitation allows a threat actor to open a reverse shell connection with the vulnerable application using a specially crafted payload, effectively opening the door for follow-on attacks. According to Wordfence, the likelihood of successful exploitation is significantly lower than with Log4j, and the majority of payloads observed thus far are designed to scan for vulnerable installations. This article continues to discuss the Text4Shell Apache Commons Text vulnerability.

THN reports "Hackers Started Exploiting Critical 'Text4Shell' Apache Commons Text Vulnerability"
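
For defenders triaging the scanning activity described above, the following added example (not code from Wordfence, THN, or Apache Commons Text) flags request-log lines that carry the DNS, script, or URL lookup prefixes, including percent-encoded and double-encoded forms, and checks a dependency version against the affected range given in the article. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Lookup prefixes named in the article; matched case-insensitively to be tolerant.
RISKY = re.compile(r"\$\{(script|dns|url):", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_lookups(line):
    """Return the sorted risky lookup names present in one log line."""
    return sorted({m.group(1).lower() for m in RISKY.finditer(decode_fully(line))})

def scan(lines):
    """Map 1-based line numbers to the risky lookups found on that line."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        found = find_lookups(line)
        if found:
            hits[number] = found
    return hits

def is_affected(version):
    """True for Commons Text 1.5 through 1.9, the range the article gives."""
    parts = version.split(".")
    try:
        major, minor = int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return False
    return major == 1 and 5 <= minor <= 9

# Constructed access-log lines, not real traffic; payload bodies are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 "GET /search?q=%24%7Bdns%3Aprobe.example.com%7D HTTP/1.1" 200',
    '203.0.113.9 "GET /search?q=${script:ENGINE:PLACEHOLDER} HTTP/1.1" 400',
    '198.51.100.7 "GET /s?q=%2524%257Burl%253AUTF-8%253APLACEHOLDER%257D HTTP/1.1" 200',
    '198.51.100.8 "GET /search?q=${date:yyyy}+commons+text HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, lookups in scan(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(lookups)} lookup in request")
    print("1.9 affected:", is_affected("1.9"), "| 1.10.0 affected:", is_affected("1.10.0"))
```

A hit only shows that a request carried one of these prefixes; whether the application is exposed still depends on it running an affected version and passing that input to string substitution.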

Submitted by Anonymous on