Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889)
Created On 11/02/22 17:35 PM - Last Modified 07/16/25 21:40 PM
Environment
- Palo Alto Firewalls
- Panorama
- Supported PAN-OS
Cause
- The new CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell," is caused by unsafe script evaluation by the interpolation system that could trigger code execution when processing malicious input in the library's default configuration.
- Apache is prone to a remote code execution vulnerability while parsing certain crafted HTTP requests. The vulnerability is due to the lack of proper checks on HTTP requests, leading to an exploitable remote code execution vulnerability. An attacker could exploit the vulnerability by sending crafted HTTP requests. A successful attack could lead to remote code execution with the privileges of the server.
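As an added example (not Palo Alto Networks' signature logic and not code from this article), the following Python flags HTTP request lines that carry the `script`, `dns` or `url` interpolation lookup prefixes associated with this CVE, undoing percent-encoding first. The log lines are constructed with inert placeholder bodies, and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Lookup keys associated with CVE-2022-42889 (Apache Commons Text StringLookupFactory).
RISKY_LOOKUPS = ("script", "dns", "url")
PATTERN = re.compile(r"\$\{(" + "|".join(RISKY_LOOKUPS) + r"):", re.IGNORECASE)


def decode_layers(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lookups(request_line):
    """Return the sorted, de-duplicated risky lookup keys found in one request line."""
    text = decode_layers(request_line)
    return sorted({m.group(1).lower() for m in PATTERN.finditer(text)})


def scan(lines):
    """Yield (line_number, lookup_keys) for every line that contains a risky lookup."""
    for number, line in enumerate(lines, start=1):
        hits = find_lookups(line)
        if hits:
            yield number, hits


# Constructed sample request lines; the lookup bodies are inert placeholders.
SAMPLE_LOG = [
    "GET /search?q=commons+text HTTP/1.1",                       # benign
    "GET /search?q=${script:ENGINE:PLACEHOLDER} HTTP/1.1",       # plain
    "GET /search?q=%24%7Bdns%3APLACEHOLDER%7D HTTP/1.1",         # percent-encoded once
    "GET /search?q=%2524%257BURL%253APLACEHOLDER%257D HTTP/1.1", # encoded twice, upper case
    "GET /search?q=${date:yyyy} HTTP/1.1",                       # lookup key not in the risky set
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: lookup(s) {', '.join(hits)}")
```

A match only shows that a request carried one of these prefixes; whether the receiving application passes that input to Apache Commons Text interpolation has to be checked separately.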
Resolution
- PAN-OS and Panorama are not impacted because we do not use the Apache Commons library.
- We have released coverage with Threat ID 93157.