Maintained by the Apache Software Foundation (ASF), Apache is by far the most common web server run in the world. Doing a quick Shodan lookup as of this article’s publish date finds over 25 million Internet-reachable instances globally. Thus, the discovery of a remote code executable capable vulnerability this week in its Apache Common text library in its default configuration and dubbed Text4Shell should be taken seriously.
For instructions on using the test we created please see our Cymulate Community Post
Let Cymulate help!
We have created an Advanced Scenario that allows our customers to discover their existing Apache instances and test to see if they are in fact vulnerable to Text4Shell. If you are not a customer, Cymulate security validation experts will guide you so you can test as well.