Threat Encyclopedia

Apache.Tapestry.ClasspathAssetRequest.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Apache Software Foundation Tapestry.
This vulnerability is due to improper input validation and URL manipulation that allows an attacker to download source files. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation would result in retrieval of sensitive information which in worst case can lead to arbitrary code execution.

Affected Products

Apache Software Foundation Tapestry 5.4.0 to 5.5.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tapestry.apache.org/release-notes-571.html

CVE References

CVE-2021-27850