Information Disclosure in Apache Tapestry Web Applications
CVE-2020-13953
5.3 MEDIUM
Summary
In specific versions of Apache Tapestry, an attacker can send a malformed URL request to access sensitive files within the WEB-INF directory of the deployed web application. This allows unauthorized access to files that may contain sensitive configuration data or application logic, increasing the risk of data exposure. Organizations using affected versions of Apache Tapestry should apply security patches and review application configurations to mitigate potential threats.
Affected Version(s)
Apache Tapestry from 5.4.0 to 5.5.0
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved