Hello, I am reaching out to check if there are some IOC’s/payloads available to test WAF controls against CVE-2022-42889. Any help much appreciated.
Best answer by dave_klein
View original
Userlevel 2
+1
Siddesh,
We have created an Advanced Scenario Module test which will allow our customers to discover their existing Apache instances and test to see if they are in fact vulnerable to Text4Shell. Under Advanced Scenarios, Resources - do a search on “Text4Shell”. You will find Text4shell (CVE-2022-42889) URL Scanner. This test scans a single URL to detect if a target Apache web server is vulnerable to the Text4shell (CVE-2022-42889) vulnerability which in some instances allows remote code execution. NOTE: after a successful run, by default, a file will be created at /tmp/cymulate_text4shell on the target server.
Reply
Login to the community
No account yet? Create an account
Login
CUSTOMER / CYMULATE EMPLOYEE LOGINor
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.