Text4Shell is a vulnerability in the Java library Apache Commons Text. This vulnerability, in specific conditions, allows an attacker to execute arbitrary code on the victim's machine (Remote Code Execution or "RCE").
Customers can detect and protect their resources against Text4Shell vulnerability using Azurenative network security services, Azure Firewall Premium and Azure Web Application Firewall (WAF). You can utilize one of these services or both for multi-layered defense.
Customers using Azure Firewall Premium,and Azure WAF have enhanced protectionforthis RCE vulnerability from the get-go.Customers can protect their assets by upgrading their Apache Commons Text version to the patched version 1.10.However, there are situationswhen upgrading softwareis not an option or may take a long period of time. In such case, they canuse products like Azure Firewall Premiumand AzureWAF for protection.