Apache Commons Text packages (CVE-2022-42889)
2022-10-20 15:30 UTC
This article provides an update on the recently discovered vulnerability in Apache Commons Text packages (CVE-2022-42889). This Remote Code Execution (RCE) attack affects Apache Commons Text packages from version 1.5 until version 1.9. Barracuda Web Application Firewall and WAF-as-a-Service protect against this attack out of the box through the existing OS Command injection category of the Smart Signatures.
If you have customised the Violation Response policies, please make sure that the ACTION is not set to Allow Request or No Action.

For any assistance with these settings or questions regarding the attack patterns, contact Barracuda Networks Technical Support.
For reference, please review the advisory from the Apache Software Foundation.