7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.027 Low
EPSS
Percentile
90.5%
Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the server. This data serialization / deserialization process does not contain data validation. Therefore, if the serialized data is altered, the server will deserailze data without validating the data (CWE-502).
When specially crafted input is processed, arbitrary files may be written or arbitrary code may be executed on the application server.
Apply an Update
Update to the latest version according to the information provided by the developer.
Applications that are created using the following versions are affected: