CVE-2014-1972
Published: Aug 22, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://tapestry.apache.org/release-notes-536.html
x_refsource_CONFIRM
https://issues.apache.org/jira/browse/TAP5-2008
x_refsource_CONFIRM
JVN#17611367
third-party-advisory
x_refsource_JVN
JVNDB-2015-000118
third-party-advisory
x_refsource_JVNDB
[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry
mailing-list
x_refsource_MLIST
20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry
mailing-list
x_refsource_FULLDISC
[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure
mailing-list
x_refsource_MLIST
[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure
mailing-list
x_refsource_MLIST
[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/
mailing-list
x_refsource_MLIST