Description |
This article describes the Text4Shell vulnerability detection with FortiDevSec.
CVE-2022-33980 vulnerability is a 0-day exploit discovered on a popular open-source Java library: Apache Commons Configuration. This zero-day can result in remote code execution, allowing the attacker to get full control of the target.
CVE-2022-42889 vulnerability is a 0-day exploit that was discovered on a popular open source Java library: Apache Commons Text. This zero-day can result in a remote code execution, allowing the attacker to get full control of the target.
Both Apache Commons vulnerabilities are sharing the same attack vector. |
Scope |
FortiDevSec Container scanner since version 22.4.a FortiDevSec SCA scanner updated in version 23.1 |
Solution |
Detection against those vulnerabilities are empowered by the FortiDevSec Software Composition Analysis (SCA) scanner.
This technology enables FortiDevSec to assess with high level of confidence if the application codebase is vulnerable to a specific vulnerability by identifying open source software dependencies.
Both vulnerabilities are also detected by the Container scanner which is identifying OS packages and open source dependencies in all container layers provided.
SCA and Container scanners are enabled by default.
A step-by-step guide on how to scan the application is available in the user guide.
For more details regarding mitigating the vulnerability by utilizing Fortinet products, refer to https://www.fortiguard.com/outbreak-alert/apache-commons-text-rce. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.