fkie_cve-2022-31781
Vulnerability from fkie_nvd
Published
2022-07-13 08:15
Modified
2024-11-21 07:05
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
References
security@apache.orghttps://www.openwall.com/lists/oss-security/2022/07/12/3Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2022/07/12/3Mailing List, Vendor Advisory
Impacted products
Vendor Product Version
apache tapestry *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B1B9B9-B0DD-42B4-86BE-587593E365E3",
              "versionEndExcluding": "5.8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there\u0027s some non-Tapestry codepath passing some outside input to the ContentType class constructor."
    },
    {
      "lang": "es",
      "value": "Apache Tapestry versiones hasta 5.8.1 es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) en la forma en que maneja los Tipos de Contenido. Los Tipos de Contenido especialmente dise\u00f1ados pueden causar un retroceso catastr\u00f3fico, tardando un tiempo exponencial en completarse. En concreto, esto es acerca de la expresi\u00f3n regular usada en el par\u00e1metro de la clase org.apache.tapestry5.http.ContentType. Apache Tapestry versi\u00f3n 5.8.2 presenta una correcci\u00f3n para esta vulnerabilidad. Obs\u00e9rvese que la vulnerabilidad no puede ser desencadenada s\u00f3lo por peticiones web en el c\u00f3digo de Tapestry. S\u00f3lo ocurrir\u00eda si se presenta alg\u00fan codepath no Tapestry pasando alguna entrada externa al constructor de la clase ContentType"
    }
  ],
  "id": "CVE-2022-31781",
  "lastModified": "2024-11-21T07:05:18.387",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-13T08:15:07.213",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2022/07/12/3"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "security@apache.org",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.