virus logo Intrusion Prevention

Apache.Tapestry.ContextAssetRequest.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Apache Software Foundation Tapestry.
A remote attacker can exploit this vulnerability by sending a crafted HTTP request containing URL-encoded slash characters preceding the blacklisted paths such as WEB-INF and META-INF to the vulnerable server. Successful exploitation could result in the exfiltration of web application sources, classes and property files.

affected-products-logoAffected Products

Apache Software Foundation Tapestry 5.4.0 to 5.5.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-28 16.951 Default_action:pass:drop
2020-10-19 16.945
ID 49530
Created Oct 08, 2020
Updated May 17, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2021-30638 CVE-2020-13953
Exploit Prediction Score 0.66%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris
Affected App Apache