Path Manipulation Vulnerability in Apache Tapestry Framework
CVE-2019-0195

9.8CRITICAL

Key Information:

Vendor
Apache
Status
Apache Tapestry
Vendor
CVE Published:
16 September 2019

Summary

This vulnerability allows an attacker to manipulate classpath asset file URLs to gain access to files within the application. By guessing paths to known files, an attacker could potentially download sensitive configuration symbols such as the tapestry.hmac-passphrase. If this passphrase is retrieved, it opens the door to Java deserialization attacks, allowing malicious actors to execute injected Java code through a crafted request using the t:formdata parameter. This emphasizes the importance of securing web application file access to prevent unauthorized data exposure and code execution.

Affected Version(s)

Apache Tapestry Apache Tapestry 5.4.0 to 5.4.3

References

https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/a4092cb3bacb14357102...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/6c40c1e03d2131119f9b...
mailing-listx_refsource_MLIST

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.