Apache.Tapestry.ContextAssetRequest.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Apache Software Foundation Tapestry.
A remote attacker can exploit this vulnerability by sending a crafted HTTP request containing URL-encoded slash characters preceding the blacklisted paths such as WEB-INF and META-INF to the vulnerable server. Successful exploitation could result in the exfiltration of web application sources, classes and property files.
Affected Products
Apache Software Foundation Tapestry 5.4.0 to 5.5.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://lists.apache.org/thread.html/r50eb12e8a12074a9b7ed63cbab91d180d19cc23dc1da3ed5b6e1280f%40%3Cusers.tapestry.apache.org%3E
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |