CVE-2019-0195

9.8CRITICAL

Key Information:

Vendor
Apache
Status
Apache Tapestry
Vendor
CVE Published:
16 September 2019

Summary

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.

Affected Version(s)

Apache Tapestry Apache Tapestry 5.4.0 to 5.4.3

References

https://lists.apache.org/thread.html/5173c4eed06e2fca6fd5...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/a4092cb3bacb14357102...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/6c40c1e03d2131119f9b...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.