Security for everyone

CVE-2021-27850 Scanner

Detects the 'Remote Code Execution (RCE)' vulnerability in Apache Software Foundation Apache Tapestry, which affects versions from 5.4.0 to 5.6.2 and from 5.7.0 to 5.7.1.


Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: URL
Source: -

Apache Tapestry is an open-source, component-oriented web application framework that allows developers to build scalable and robust web applications. This framework simplifies the web application development process by providing a set of reusable components and services that can be easily integrated into web applications. Apache Tapestry is widely used in the development community to create web applications of different complexities.

Recently, a critical unauthenticated remote code execution vulnerability, CVE-2021-27850, was detected in all recent versions of Apache Tapestry, including 5.4.5, 5.5.0, 5.6.2, and 5.7.0. This vulnerability bypasses the fix for CVE-2019-0195, in which attackers could download arbitrary class files from the classpath by providing a crafted asset file URL. The blacklisting method introduced to fix CVE-2019-0195 was not sufficient, which is why this vulnerability was discovered and exploited.

This remote code execution vulnerability can be used to execute arbitrary Java code on any affected server without authentication, leading to potential data breaches and theft. The exploit could allow an attacker to inject unauthorized code into a compromised application and perform various malicious activities, including accessing sensitive data, taking remote control, and disrupting normal operations.

In conclusion, understanding the potential security threats to your digital assets is essential. The securityforeveryone.com platform provides users with advanced features that enable them to stay up-to-date with the latest vulnerabilities and security threats. By keeping up to date with the latest security threats and implementing the recommended security best practices, you can secure your digital assets effectively.
