5 matches found
CVE-2019-0195
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...
GHSA-6MWH-FW4P-75FJ Deserialization of Untrusted Data in Apache Tapestry
By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this...
Apache Tapestry 代码问题漏洞
Apache Tapestry is the United States Apache Apache Foundation of a Web application framework written in the Java language . Apache Tapestry has a security vulnerability that can be exploited by an attacker to download the file "AppModule.class" by requesting the URL "http: localhost: 8080 assets...
CVE-2019-0195
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...
Deserialization of untrusted data
Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...