Lucene search
K

7 matches found

Nuclei
Nuclei
added 5 days ago76 views

Apache Tapestry - Remote Code Execution

Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the...

10CVSS8AI score0.94089EPSS
Exploits5References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 a.m.14 views

CVE-2019-0195

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...

9.8CVSS6.7AI score0.14866EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/06/16 5:33 p.m.90 views

Remote code execution in Apache Tapestry

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS0.8AI score0.94089EPSS
Exploits5References6Affected Software1
Veracode
Veracode
added 2021/04/16 5:14 a.m.34 views

Remote Code Execution

tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...

9.8CVSS4.6AI score0.94089EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2021/04/15 7:40 a.m.57 views

CVE-2021-27850 Bypass of the fix for CVE-2019-0195

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10AI score0.94089EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2021/04/15 12:0 a.m.122 views

CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10CVSS0.8AI score0.94089EPSS
In wildExploits5References4
CVE
CVE
added 2019/09/16 3:37 p.m.208 views

CVE-2019-0195

CVE-2019-0195 describes a vulnerability in Apache Tapestry where an attacker can manipulate classpath asset file URLs to download known classpath files. If the attacker obtains the value of the tapestry.hmac-passphrase (likely from AppModule), this can be used to craft a Java deserialization atta...

9.8CVSS9.1AI score0.14866EPSS
In wildExploits0References7Affected Software1
Rows per page
Query Builder