Apache.Tapestry.ClasspathAssetRequest.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Apache Software Foundation Tapestry.
This vulnerability is due to improper input validation and URL manipulation that allows an attacker to download source files. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation would result in retrieval of sensitive information which in worst case can lead to arbitrary code execution.
Affected Products
Apache Software Foundation Tapestry 5.4.0 to 5.5.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tapestry.apache.org/release-notes-571.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |