Hackers try to exploit new ‘Text4Shell’ vulnerability

Share post:

Wordfence, a WordPress security company, has discovered exploitation attempts by hackers targeting the new Text4Shell vulnerability. Tracked as CVE-2022-42889, the vulnerability was discovered on October 18, 2022, in the Apache Commons text.

The vulnerability has a severity of 9.8 out of a possible 10.0 and affects versions 1.5 to 1.9 of the library. Once the vulnerability is successfully exploited, an attacker can establish a reverse shell connection to the vulnerable application by simply using a specially crafted payload, which ultimately opens the door to subsequent attacks.

“The attacker can send a crafted payload remotely using ‘script’,’ ‘dns,’ and ‘url’ lookups to achieve arbitrary remote code execution,” the Zscaler ThreatLabZ team explained.

According to security experts, Text4Shell is similar to the popular Log4Shell vulnerability. Just like Log4Shell, Text4Shell is rooted in the way string substitutions are performed during DNS, script, and URL lookups which could lead to the execution of arbitrary code on susceptible systems when passing untrusted input.

However, Wordfence explained that the chances of successful exploitation are considerably limited compared to Log4j, as most of the payloads observed so far are designed to look for vulnerable installations.

“Fortunately, not all users of this library would be affected by this vulnerability – unlike Log4j in the Log4Shell vulnerability, which, which was vulnerable even in its most basic use-cases. Apache Commons Text must be used in a certain way to expose the attack surface and make the vulnerability,” said Checkmarx researcher Yaniv Nizry.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

North Korean Job Scam Targeting IT Job Seekers

North Korea’s Lazarus advanced persistent threat (APT) group has launched a sophisticated campaign, “Operation 99,” targeting freelance software...

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts...

YouTubers Targeted As Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results

Attackers have found a new way to infect people seeking pirated or cracked software: planting malicious download links...

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways