16 Sep 2019
Vulnérabilité CVE-2019-0207 CVE Vulnerability
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. (CVSS:5.0) (Last Update:2019-09-17)
Vulnerability Details : Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform. Publish Date : 2019-09-16 Last Update Date : 2019-09-17 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-0207
- Number Of Affected Versions By Product
- References For CVE-2019-0207
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-0207There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |