CVE-2021-27850 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in Apache Software Foundation Apache Tapestry, which affects versions from 5.4.0 to 5.6.2 and from 5.7.0 to 5.7.1.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: URL
Toolbox: -
Apache Tapestry is an open-source, component-oriented web application framework that allows developers to build scalable and robust web applications. The framework simplifies web application development by providing a set of reusable components and services that can be easily integrated into web applications. Apache Tapestry is widely used in the development community to create web applications of varying complexity.
Recently, a critical unauthenticated remote code execution vulnerability, CVE-2021-27850, was detected in all recent versions of Apache Tapestry, including 5.4.5, 5.5.0, 5.6.2, and 5.7.0. This vulnerability bypasses the fix for CVE-2019-0195, a flaw that let attackers download arbitrary class files from the classpath by providing a crafted asset file URL. The blacklisting method introduced to fix CVE-2019-0195 was insufficient, which is how this vulnerability came to be discovered and exploited.
This remote code execution vulnerability can be used to execute arbitrary Java code on any affected server without authentication, leading to potential data breaches and thefts. The exploit could allow an attacker to inject unauthorized code in a compromised application, allowing the attacker to perform various malicious activities, including accessing sensitive data, taking remote control, and disrupting normal operations.
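To check deployed applications against the affected ranges stated at the top of this page, the following added example (not part of the scanner or of Apache Tapestry) inventories `tapestry-core` jars on disk and inside WAR/EAR archives. It assumes Maven-style jar names (`tapestry-core-<version>.jar`) and treats the page's ranges as inclusive at both ends; all function names are hypothetical.

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected ranges as stated on this page, treated as inclusive at both ends
# (assumption; confirm the exact fixed releases against the vendor advisory).
AFFECTED_RANGES = [((5, 4, 0), (5, 6, 2)), ((5, 7, 0), (5, 7, 1))]

# Matches e.g. tapestry-core-5.6.1.jar; qualifiers such as -beta-1 are ignored.
JAR_RE = re.compile(r"(?:^|[/!])tapestry-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")


def parse_version(name):
    """Return (major, minor, patch) from a tapestry-core jar name, else None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the version tuple falls inside one of the listed ranges."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def scan(root):
    """Return sorted (location, version, affected) for jars under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        candidates = [str(path)]  # a loose jar on disk
        if path.suffix.lower() in (".war", ".ear"):
            try:
                with zipfile.ZipFile(path) as archive:
                    candidates = [f"{path}!{n}" for n in archive.namelist()]
            except zipfile.BadZipFile:
                continue  # corrupt or not really an archive; skip it
        for location in candidates:
            version = parse_version(location)
            if version is not None:
                text = ".".join(map(str, version))
                findings.append((location, text, is_affected(version)))
    return sorted(findings)


if __name__ == "__main__":
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':9} {version:8} {location}")
```

Jars nested inside other jars (for example fat jars) are not opened; only loose jars and the direct entries of WAR/EAR archives are inspected.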
In conclusion, understanding the potential security threats to your digital assets is essential. The s4e.io platform provides users with advanced features that enable them to stay up-to-date with the latest vulnerabilities and security threats. By keeping up to date with the latest security threats and implementing the recommended security best practices, you can secure your digital assets effectively.