Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.10 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.6AI score0.08752EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2019/09/26 9:30 p.m.6 views

com.ganshane.lichen:lichen-creeper (>=0.5.9 <=0.5.10.2), com.ganshane.lichen:lichen-node (>=0.5.9 <=0.5.10.2) +45 more potentially affected by CVE-2019-10071 via org.apache.tapestry:tapestry-core (>=5.4-beta-22 <=5.4.4)

org.apache.tapestry:tapestry-core MAVEN version =5.4-beta-22, =0.5.9, =0.5.9, =0.5.9, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.92-RELEASE, =0.98 - de.julielab:julie-elastic-query-components =1.0.3 - de.julielab:julielab-elastic-query-components =1.2.0 -...

9.8CVSS7.2AI score0.08752EPSS
Exploits1
CVE
CVE
added 2019/09/16 5:46 p.m.168 views

CVE-2019-10071

CVE-2019-10071 is an Apache Tapestry timing-attack vulnerability caused by using String.equals() to compare HMACs in form submissions. This creates a timing side channel that could let an attacker estimate the correct signature for a payload, potentially enabling remote code execution. Affected v...

9.8CVSS9.6AI score0.08752EPSS
Exploits1References5Affected Software1
0day.today
0day.today
added 2019/08/26 12:0 a.m.32 views

Apache Tapestry 5.3.6 HMAC Timing Attack Vulnerability

Exploit for java platform in category web applications CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry Affected versions: - Apache Tapestry 5.3.6 through current releases. Description: Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side...

6.8CVSS0.2AI score0.09598EPSS
Exploits1
Rows per page
Query Builder