Apache Tapestry Arbitrary File Read

critical Web App Scanning Plugin ID 114448

Synopsis

Apache Tapestry Arbitrary File Read

Description

Apache Tapestry versions 5.4.0 < 5.6.2 and 5.7.0 < 5.7.1 allow an unauthenticated attacker to read class files via a specially crafted request. If the value of 'tapestry.hmac-passphrase' is recovered from those files, this vulnerability can be chained to obtain arbitrary code execution through the value of the 't:formdata' parameter when a form is submitted.

Solution

Upgrade to Apache Tapestry 5.6.2, 5.7.1 or later.

See Also

https://lists.apache.org/thread/4z4ch3y7d1ngcz0xcd99pss40j1q9dfn

https://tapestry.apache.org/configuration.html#Configuration-ConfigurationSymbolNames

https://tapestry.apache.org/security.html

Plugin Details

Severity: Critical

ID: 114448

Type: remote

Published: 10/15/2024

Updated: 10/15/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-27850

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2019-0195

Vulnerability Information

CPE: cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/15/2023

Vulnerability Publication Date: 4/15/2023

Reference Information

CVE: CVE-2019-0195, CVE-2021-27850