Vulnerabilites related to apache - tapestry
Vulnerability from fkie_nvd
Published
2015-08-22 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37A5ED8D-280E-48EA-BED5-84083DBC0015",
"versionEndIncluding": "5.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data."
},
{
"lang": "es",
"value": "Vulnerabilidad en Apache Tapestry en versiones anteriores a 5.3.6, conf\u00eda en el almacenamiento de objetos del lado del cliente sin comprobar si un cliente ha modificado un objeto, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de recursos) o ejecuci\u00f3n de c\u00f3digo arbitario a trav\u00e9s de datos serializados manipulados."
}
],
"id": "CVE-2014-1972",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-22T23:59:00.093",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN17611367/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.openwall.com/lists/oss-security/2019/08/23/5"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://issues.apache.org/jira/browse/TAP5-2008"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://tapestry.apache.org/release-notes-536.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN17611367/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/08/23/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/TAP5-2008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tapestry.apache.org/release-notes-536.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-16 16:15
Modified
2024-11-21 04:16
Severity ?
Summary
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB47FEF-7534-4DC0-898C-6989B54F194C",
"versionEndIncluding": "5.4.3",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp\u0027s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component."
},
{
"lang": "es",
"value": "Manipulando las URL de los archivos asset del classpath, un atacante podr\u00eda adivinar la ruta (path) hacia un archivo conocido en el classpath y descargarlo. Si el atacante encontr\u00f3 el archivo con el valor del s\u00edmbolo de configuraci\u00f3n de tapestry.hmac-passphrase, m\u00e1s probablemente la clase AppModule de la aplicaci\u00f3n web, el valor de este s\u00edmbolo podr\u00eda ser usado para dise\u00f1ar un ataque de deserializaci\u00f3n de Java, ejecutando as\u00ed un c\u00f3digo Java inyectado malicioso. El vector ser\u00eda el par\u00e1metro t:formdata del componente Form."
}
],
"id": "CVE-2019-0195",
"lastModified": "2024-11-21T04:16:27.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-16T16:15:10.007",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-08 13:15
Modified
2024-11-21 05:08
Severity ?
Summary
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15BF38DE-E119-46EE-A9D7-8F84B868E106",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the \"sp\" parameter even before invoking the page\u0027s validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de serializaci\u00f3n de Java en Apache Tapestry versi\u00f3n 4. Apache Tapestry versi\u00f3n 4 intentar\u00e1 deserializar el par\u00e1metro \"sp\" inclusive antes de invocar el m\u00e9todo de comprobaci\u00f3n de la p\u00e1gina, lo que conlleva a una deserializaci\u00f3n sin autenticaci\u00f3n.\u0026#xa0;Apache Tapestry versi\u00f3n 4 lleg\u00f3 al final de su vida \u00fatil en 2008 y no ser\u00e1 publicada ninguna actualizaci\u00f3n para abordar este problema.\u0026#xa0;Las versiones de Apache Tapestry 5 no son vulnerables a este problema.\u0026#xa0;Los usuarios de Apache Tapestry versi\u00f3n 4 deben actualizar a la \u00faltima versi\u00f3n de Apache Tapestry 5"
}
],
"id": "CVE-2020-17531",
"lastModified": "2024-11-21T05:08:18.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-08T13:15:13.010",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-27 19:15
Modified
2024-11-21 06:04
Severity ?
Summary
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0DF29E-DB18-435F-AEEE-BBE15AB58102",
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB95899-BCFE-4B01-AB69-3F4C02617313",
"versionEndExcluding": "5.7.2",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en el manejo de activos de contexto de Apache Tapestry, permite a un atacante descargar archivos dentro de WEB-INF si usa una URL especialmente construida.\u0026#xa0;Esto fue causado por una correcci\u00f3n incompleta para CVE-2020-13953.\u0026#xa0;Este problema afecta a Apache Tapestry Apache Tapestry versi\u00f3n 5.4.0 a Apache Tapestry 5.6.3;\u0026#xa0;Apache Tapestry 5.7.0 versi\u00f3n y Apache Tapestry 5.7.1"
}
],
"id": "CVE-2021-30638",
"lastModified": "2024-11-21T06:04:20.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-27T19:15:07.733",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0004/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-13 08:15
Modified
2024-11-21 07:05
Severity ?
Summary
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://www.openwall.com/lists/oss-security/2022/07/12/3 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/07/12/3 | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74B1B9B9-B0DD-42B4-86BE-587593E365E3",
"versionEndExcluding": "5.8.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there\u0027s some non-Tapestry codepath passing some outside input to the ContentType class constructor."
},
{
"lang": "es",
"value": "Apache Tapestry versiones hasta 5.8.1 es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) en la forma en que maneja los Tipos de Contenido. Los Tipos de Contenido especialmente dise\u00f1ados pueden causar un retroceso catastr\u00f3fico, tardando un tiempo exponencial en completarse. En concreto, esto es acerca de la expresi\u00f3n regular usada en el par\u00e1metro de la clase org.apache.tapestry5.http.ContentType. Apache Tapestry versi\u00f3n 5.8.2 presenta una correcci\u00f3n para esta vulnerabilidad. Obs\u00e9rvese que la vulnerabilidad no puede ser desencadenada s\u00f3lo por peticiones web en el c\u00f3digo de Tapestry. S\u00f3lo ocurrir\u00eda si se presenta alg\u00fan codepath no Tapestry pasando alguna entrada externa al constructor de la clase ContentType"
}
],
"id": "CVE-2022-31781",
"lastModified": "2024-11-21T07:05:18.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-13T08:15:07.213",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-15 08:15
Modified
2024-11-21 05:58
Severity ?
Summary
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2021/04/15/1 | Exploit, Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E | Mailing List, Vendor Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20210528-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/04/15/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210528-0002/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5611789E-E882-49FF-9E33-A8612A394FE5",
"versionEndExcluding": "5.6.2",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4709FF63-6606-413B-941E-3E58DDA96203",
"versionEndExcluding": "5.7.1",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad cr\u00edtica de ejecuci\u00f3n de c\u00f3digo remota no autenticado en todas las versiones recientes de Apache Tapestry.\u0026#xa0;Las versiones afectadas incluyen 5.4.5, 5.5.0, 5.6.2 y 5.7.0.\u0026#xa0;La vulnerabilidad encontrada es un desv\u00edo de la soluci\u00f3n para CVE-2019-0195.\u0026#xa0;Resumen: versiones anteriores a correcci\u00f3n de CVE-2019-0195, era posible descargar archivos de clases arbitrarios desde la ruta de clases proporcionando una URL de archivo de activos dise\u00f1ada.\u0026#xa0;Un atacante pudo descargar el archivo \"AppModule.class\" al requerir la URL \"http://localhost:8080/assets/something/services/AppModule.class\" que contiene una clave secreta HMAC.\u0026#xa0;La correcci\u00f3n para ese error fue un filtro de lista negra que verifica si la URL termina con \".class\",\" properties\" o \".xml\".\u0026#xa0;Omitir: Desafortunadamente, la soluci\u00f3n de lista negra puede simplemente ser omitida al agregar un \"/` al final de la URL: \"http: // localhost:8080/assets/something/services/AppModule.class/\". La barra es eliminada despu\u00e9s de la comprobaci\u00f3n de la lista negra y el archivo` AppModule.class` se carga en la respuesta.\u0026#xa0;Esta clase generalmente contiene la clave secreta HMAC que es usada para firmar objetos Java serializados.\u0026#xa0;Con el conocimiento de esa clave, un atacante puede firmar una cadena de dispositivos Java que conlleva a una RCE (por ejemplo, CommonsBeanUtils1 de ysoserial).\u0026#xa0;Soluci\u00f3n para esta vulnerabilidad: *Para Apache Tapestry versiones 5.4.0 hasta 5.6.1, actualice a versiones 5.6.2 o posteriores.\u0026#xa0;*Para Apache Tapestry versi\u00f3n 5.7.0, actualice a versiones 5.7.1 o posteriores"
}
],
"id": "CVE-2021-27850",
"lastModified": "2024-11-21T05:58:38.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-15T08:15:14.823",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0002/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-16 17:15
Modified
2024-11-21 04:16
Severity ?
Summary
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFB1695-4A44-4393-ABBA-F2ED486B24F9",
"versionEndIncluding": "5.4.4",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -\u003e AssetDispatcher -\u003e ContextResource`, which doesn\u0027t filter the character `\\`, so attacker can perform a path traversal attack to read any files on Windows platform."
},
{
"lang": "es",
"value": "Tapestry procesa los assets \"/assets/ctx\" usando una cadena de clases \"StaticFilesFilter -) AssetDispatcher -) ContextResource\", que no filtra el car\u00e1cter \"\\\", por lo que el atacante puede realizar un ataque de salto de directorio para leer cualquier archivo sobre la plataforma Windows."
}
],
"id": "CVE-2019-0207",
"lastModified": "2024-11-21T04:16:29.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-16T17:15:13.183",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-16 18:15
Modified
2024-11-21 04:18
Severity ?
Summary
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB47FEF-7534-4DC0-898C-6989B54F194C",
"versionEndIncluding": "5.4.3",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead."
},
{
"lang": "es",
"value": "El c\u00f3digo que comprueba el HMAC en los env\u00edos de formularios us\u00f3 la funci\u00f3n String.equals() para las comparaciones, lo que resulta en un canal lateral de sincronizaci\u00f3n para la comparaci\u00f3n de las firmas HMAC. Esto podr\u00eda conllevar a la ejecuci\u00f3n de c\u00f3digo remota si un atacante es capaz de determinar la firma correcta para su carga \u00fatil. La comparaci\u00f3n deber\u00eda ser hecha en su lugar con un algoritmo de tiempo constante."
}
],
"id": "CVE-2019-10071",
"lastModified": "2024-11-21T04:18:20.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-16T18:15:10.360",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0DF29E-DB18-435F-AEEE-BBE15AB58102",
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB95899-BCFE-4B01-AB69-3F4C02617313",
"versionEndExcluding": "5.7.2",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run."
},
{
"lang": "es",
"value": "En Apache Tapestry versiones 5.4.0 hasta 5.5.0, al dise\u00f1ar unas URL espec\u00edficas, un atacante puede descargar archivos dentro de la carpeta WEB-INF de la WAR que se est\u00e1 ejecutando"
}
],
"id": "CVE-2020-13953",
"lastModified": "2024-11-21T05:02:13.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-30T18:15:21.317",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-02 14:15
Modified
2024-11-21 07:30
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/12/02/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/12/02/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj | Issue Tracking, Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4364FAE-8835-4660-9187-EBF8DF48FCC7",
"versionEndExcluding": "4.0.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "security@apache.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry."
},
{
"lang": "es",
"value": "Apache Tapestry 3.x permite la deserializaci\u00f3n de datos que no son de confianza, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Este problema es similar pero distinto de CVE-2020-17531, que aplica la l\u00ednea de versi\u00f3n 4.x (tampoco compatible). NOTA: Esta vulnerabilidad solo afecta a la versi\u00f3n 3.x de Apache Tapestry, que ya no es compatible con el fabricante. Se recomienda a los usuarios actualizar a una l\u00ednea de versi\u00f3n compatible de Apache Tapestry."
}
],
"id": "CVE-2022-46366",
"lastModified": "2024-11-21T07:30:28.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-02T14:15:10.223",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
CVE-2020-17531 (GCVE-0-2020-17531)
Vulnerability from cvelistv5
Published
2020-12-08 00:00
Modified
2024-08-04 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Version: Apache Tapestry 4 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20201208 CVE-2020-17531: Deserialization flaw in EOL Tapestry 4.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4",
"status": "affected",
"version": "Apache Tapestry 4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Tapestry would like to thank Adrian Bravo (@adrianbravon) for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the \"sp\" parameter even before invoking the page\u0027s validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20201208 CVE-2020-17531: Deserialization flaw in EOL Tapestry 4.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r700a6aa234dbff0555d4187bdc8274d7e4c0afbf35b9a3457f09ee76%40%3Cusers.tapestry.apache.org%3E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210115-0007/"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deserialization flaw in EOL Tapestry 4.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17531",
"datePublished": "2020-12-08T00:00:00",
"dateReserved": "2020-08-12T00:00:00",
"dateUpdated": "2024-08-04T14:00:48.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13953 (GCVE-0-2020-13953)
Vulnerability from cvelistv5
Published
2020-09-30 16:51
Modified
2024-08-04 12:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Tapestry |
Version: Apache Tapestry from 5.4.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Tapestry from 5.4.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-27T20:06:40",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_value": "Apache Tapestry from 5.4.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb@%3Cusers.tapestry.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13953",
"datePublished": "2020-09-30T16:51:59",
"dateReserved": "2020-06-08T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46366 (GCVE-0-2022-46366)
Vulnerability from cvelistv5
Published
2022-12-02 00:00
Modified
2024-08-03 14:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Version: Apache Tapestry < 4.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:tapestry:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tapestry",
"vendor": "apache",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T14:18:53.714851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:08.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "Apache Tapestry",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache would like to thank Ilyass El Hadi from Mandiant for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/bwn1vjrvz1hq0wbdzj23wz322244swhj"
},
{
"name": "[oss-security] 20221202 CVE-2022-46366: Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/12/02/1"
},
{
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0041/MNDT-2022-0041.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Apache Tapestry prior to version 4 (EOL) allows RCE though deserialization of untrusted input",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46366",
"datePublished": "2022-12-02T00:00:00",
"dateReserved": "2022-12-02T00:00:00",
"dateUpdated": "2024-08-03T14:31:46.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10071 (GCVE-0-2019-10071)
Vulnerability from cvelistv5
Published
2019-09-16 17:46
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tapestry |
Version: Apache Tapestry 5.4.0 to 5.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tapestry-users] 20190913 CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Tapestry 5.4.0 to 5.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-31T17:06:04",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[tapestry-users] 20190913 CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_value": "Apache Tapestry 5.4.0 to 5.4.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tapestry-users] 20190913 CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-10071",
"datePublished": "2019-09-16T17:46:19",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0195 (GCVE-0-2019-0195)
Vulnerability from cvelistv5
Published
2019-09-16 15:37
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Tapestry |
Version: Apache Tapestry 5.4.0 to 5.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tapestry-users] 20190913 [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210414 [SECURITY VULNERABILITY DISCLOSURE] CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache Tapestry 5.4.0 to 5.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp\u0027s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T11:06:14",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[tapestry-users] 20190913 [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210414 [SECURITY VULNERABILITY DISCLOSURE] CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_value": "Apache Tapestry 5.4.0 to 5.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp\u0027s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tapestry-users] 20190913 [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5576ed723ff6bb1711738ec515cb51a04ab24@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a4092cb3bacb143571024e79c0016c039b6c982423daa33a7a5c794a@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191014 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20210414 [SECURITY VULNERABILITY DISCLOSURE] CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0195",
"datePublished": "2019-09-16T15:37:37",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27850 (GCVE-0-2021-27850)
Vulnerability from cvelistv5
Published
2021-04-15 07:40
Modified
2024-08-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/04/15/1 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210528-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Version: Apache Tapestry 5.5.0 Version: Apache Tapestry 5.7.0 Version: Apache Tapestry 5.4.5 < Apache Tapestry 5.4.0* Version: Apache Tapestry 5.6.2 < Apache Tapestry 5.6.0* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Tapestry 5.5.0"
},
{
"status": "affected",
"version": "Apache Tapestry 5.7.0"
},
{
"lessThan": "Apache Tapestry 5.4.0*",
"status": "affected",
"version": "Apache Tapestry 5.4.5",
"versionType": "custom"
},
{
"lessThan": "Apache Tapestry 5.6.0*",
"status": "affected",
"version": "Apache Tapestry 5.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Tapestry would like to thank Johannes Moritz for finding and notifying this vulnerability"
}
],
"descriptions": [
{
"lang": "en",
"value": "A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T09:06:12",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0002/"
}
],
"source": {
"defect": [
"TAP5-2663"
],
"discovery": "UNKNOWN"
},
"title": "Bypass of the fix for CVE-2019-0195",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-27850",
"STATE": "PUBLIC",
"TITLE": "Bypass of the fix for CVE-2019-0195"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache Tapestry 5.4.0",
"version_value": "Apache Tapestry 5.4.5"
},
{
"version_affected": "=",
"version_name": "Apache Tapestry 5.5.0",
"version_value": "Apache Tapestry 5.5.0"
},
{
"version_affected": "\u003e=",
"version_name": "Apache Tapestry 5.6.0",
"version_value": "Apache Tapestry 5.6.2"
},
{
"version_affected": "=",
"version_name": "Apache Tapestry 5.7.0",
"version_value": "Apache Tapestry 5.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Tapestry would like to thank Johannes Moritz for finding and notifying this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210414 CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/15/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210528-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210528-0002/"
}
]
},
"source": {
"defect": [
"TAP5-2663"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-27850",
"datePublished": "2021-04-15T07:40:11",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-08-03T21:33:15.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30638 (GCVE-0-2021-30638)
Vulnerability from cvelistv5
Published
2021-04-27 18:30
Modified
2024-08-03 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/04/27/3 | mailing-list, x_refsource_MLIST | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-491/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210528-0004/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Version: Apache Tapestry < Apache Tapestry 5.6.4 Version: Apache Tapestry < Apache Tapestry 5.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:31.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache Tapestry 5.6.4",
"status": "affected",
"version": "Apache Tapestry ",
"versionType": "custom"
},
{
"lessThan": "Apache Tapestry 5.7.2",
"status": "affected",
"version": "Apache Tapestry",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered by Kc Udonsi of Trend Micro"
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T09:06:15",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0004/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"workarounds": [
{
"lang": "en",
"value": "Solution:\nFor Tapestry 5.4.0 to 5.6.3: upgrade to 5.6.4\nFor Tapestry 5.7.0 and 5.7.1: upgrade to 5.7.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-30638",
"STATE": "PUBLIC",
"TITLE": "An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Tapestry ",
"version_value": "Apache Tapestry 5.6.4"
},
{
"version_affected": "\u003c",
"version_name": "Apache Tapestry",
"version_value": "Apache Tapestry 5.7.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered by Kc Udonsi of Trend Micro"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r37dab61fc7f7088d4311e7f995ef4117d58d86a675f0256caa6991eb%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[oss-security] 20210427 CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/27/3"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-491/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210528-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210528-0004/"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Solution:\nFor Tapestry 5.4.0 to 5.6.3: upgrade to 5.6.4\nFor Tapestry 5.7.0 and 5.7.1: upgrade to 5.7.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-30638",
"datePublished": "2021-04-27T18:30:15",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:40:31.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31781 (GCVE-0-2022-31781)
Vulnerability from cvelistv5
Published
2022-07-13 07:25
Modified
2024-08-03 07:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2022/07/12/3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tapestry |
Version: 5.8.1 < 5.8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "5.8.1",
"status": "affected",
"version": "5.8.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "CodeQL team members [@atorralba (Tony Torralba)](https://github.com/atorralba) and [@joefarebrother (Joseph Farebrother)](https://github.com/joefarebrother)."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there\u0027s some non-Tapestry codepath passing some outside input to the ContentType class constructor."
}
],
"metrics": [
{
"other": {
"content": {
"other": "low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-25T08:10:31.213Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-31781",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service (ReDoS) in ContentType.java. (GHSL-2022-022)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.8.1",
"version_value": "5.8.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "CodeQL team members [@atorralba (Tony Torralba)](https://github.com/atorralba) and [@joefarebrother (Joseph Farebrother)](https://github.com/joefarebrother)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there\u0027s some non-Tapestry codepath passing some outside input to the ContentType class constructor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333 Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2022/07/12/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-31781",
"datePublished": "2022-07-13T07:25:10",
"dateReserved": "2022-05-27T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1972 (GCVE-0-2014-1972)
Vulnerability from cvelistv5
Published
2015-08-22 23:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tapestry.apache.org/release-notes-536.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/TAP5-2008"
},
{
"name": "JVN#17611367",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17611367/index.html"
},
{
"name": "JVNDB-2015-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"
},
{
"name": "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/23/5"
},
{
"name": "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"name": "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-31T17:06:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tapestry.apache.org/release-notes-536.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/TAP5-2008"
},
{
"name": "JVN#17611367",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17611367/index.html"
},
{
"name": "JVNDB-2015-000118",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"
},
{
"name": "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/23/5"
},
{
"name": "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"name": "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tapestry.apache.org/release-notes-536.html",
"refsource": "CONFIRM",
"url": "https://tapestry.apache.org/release-notes-536.html"
},
{
"name": "https://issues.apache.org/jira/browse/TAP5-2008",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TAP5-2008"
},
{
"name": "JVN#17611367",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17611367/index.html"
},
{
"name": "JVNDB-2015-000118",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118"
},
{
"name": "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/23/5"
},
{
"name": "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/20"
},
{
"name": "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1972",
"datePublished": "2015-08-22T23:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0207 (GCVE-0-2019-0207)
Vulnerability from cvelistv5
Published
2019-09-16 16:36
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d%40%3Cusers.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Tapestry |
Version: Apache Tapestry 5.4.0 to 5.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:15.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[tapestry-users] 20190913 CVE-2019-0207: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Tapestry",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Tapestry 5.4.0 to 5.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -\u003e AssetDispatcher -\u003e ContextResource`, which doesn\u0027t filter the character `\\`, so attacker can perform a path traversal attack to read any files on Windows platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-31T17:06:06",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[tapestry-users] 20190913 CVE-2019-0207: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tapestry",
"version": {
"version_data": [
{
"version_value": "Apache Tapestry 5.4.0 to 5.4.4"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -\u003e AssetDispatcher -\u003e ContextResource`, which doesn\u0027t filter the character `\\`, so attacker can perform a path traversal attack to read any files on Windows platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[tapestry-users] 20190913 CVE-2019-0207: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/765be3606d865de513f6df9288842c3cf58b09a987c617a535f2b99d@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E"
},
{
"name": "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-0207",
"datePublished": "2019-09-16T16:36:14",
"dateReserved": "2018-11-14T00:00:00",
"dateUpdated": "2024-08-04T17:44:15.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}