Solved

CVE-2022-42889

  • 21 October 2022
  • 1 reply
  • 130 views

Badge

Hello, I am reaching out to check if there are some IOC’s/payloads available to test WAF controls against CVE-2022-42889. Any help much appreciated.

icon

Best answer by dave_klein 21 October 2022, 14:35

View original

1 reply

Userlevel 1
Badge +1

Siddesh,

We have created an Advanced Scenario Module test which will allow our customers to discover their existing Apache instances and test to see if they are in fact vulnerable to Text4Shell. Under Advanced Scenarios, Resources - do a search on “Text4Shell”. You will find Text4shell (CVE-2022-42889) URL Scanner. This test scans a single URL to detect if a target Apache web server is vulnerable to the Text4shell (CVE-2022-42889) vulnerability which in some instances allows remote code execution. NOTE: after a successful run, by default, a file will be created at /tmp/cymulate_text4shell on the target server.
 

Reply