virus logo Intrusion Prevention

Apache.Tapestry.ClasspathAssetRequest.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Apache Software Foundation Tapestry.
This vulnerability is due to improper input validation and URL manipulation that allows an attacker to download source files. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation would result in retrieval of sensitive information which in worst case can lead to arbitrary code execution.

affected-products-logoAffected Products

Apache Software Foundation Tapestry 5.4.0 to 5.5.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tapestry.apache.org/release-notes-571.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-05-11 18.078 Default_action:pass:drop
2021-05-04 18.072
ID 50240
Created Apr 26, 2021
Updated May 11, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2021-27850
Exploit Prediction Score 97.39%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App Apache