cvelistv5 - cve-2014-1972

cve-2014-1972

Vulnerability from cvelistv5

Published

2015-08-22 23:00

Modified

2024-08-06 09:58

Severity ?

Summary

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN17611367/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118	Vendor Advisory
vultures@jpcert.or.jp	http://seclists.org/fulldisclosure/2019/Aug/20
vultures@jpcert.or.jp	http://www.openwall.com/lists/oss-security/2019/08/23/5
vultures@jpcert.or.jp	https://issues.apache.org/jira/browse/TAP5-2008
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://tapestry.apache.org/release-notes-536.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN17611367/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/20
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/08/23/5
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/jira/browse/TAP5-2008
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://tapestry.apache.org/release-notes-536.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:58:15.657Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tapestry.apache.org/release-notes-536.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/jira/browse/TAP5-2008",
               },
               {
                  name: "JVN#17611367",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN17611367/index.html",
               },
               {
                  name: "JVNDB-2015-000118",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
               },
               {
                  name: "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
               },
               {
                  name: "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Aug/20",
               },
               {
                  name: "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-08-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-31T17:06:05",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tapestry.apache.org/release-notes-536.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.apache.org/jira/browse/TAP5-2008",
            },
            {
               name: "JVN#17611367",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN17611367/index.html",
            },
            {
               name: "JVNDB-2015-000118",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
            },
            {
               name: "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
            },
            {
               name: "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Aug/20",
            },
            {
               name: "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E",
            },
            {
               name: "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E",
            },
            {
               name: "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E",
            },
            {
               name: "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2014-1972",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tapestry.apache.org/release-notes-536.html",
                     refsource: "CONFIRM",
                     url: "https://tapestry.apache.org/release-notes-536.html",
                  },
                  {
                     name: "https://issues.apache.org/jira/browse/TAP5-2008",
                     refsource: "CONFIRM",
                     url: "https://issues.apache.org/jira/browse/TAP5-2008",
                  },
                  {
                     name: "JVN#17611367",
                     refsource: "JVN",
                     url: "http://jvn.jp/en/jp/JVN17611367/index.html",
                  },
                  {
                     name: "JVNDB-2015-000118",
                     refsource: "JVNDB",
                     url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
                  },
                  {
                     name: "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
                  },
                  {
                     name: "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Aug/20",
                  },
                  {
                     name: "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2014-1972",
      datePublished: "2015-08-22T23:00:00",
      dateReserved: "2014-02-17T00:00:00",
      dateUpdated: "2024-08-06T09:58:15.657Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2014-1972\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2015-08-22T23:59:00.093\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en Apache Tapestry en versiones anteriores a 5.3.6, confía en el almacenamiento de objetos del lado del cliente sin comprobar si un cliente ha modificado un objeto, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) o ejecución de código arbitario a través de datos serializados manipulados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.3.5\",\"matchCriteriaId\":\"37A5ED8D-280E-48EA-BED5-84083DBC0015\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN17611367/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Aug/20\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/23/5\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://issues.apache.org/jira/browse/TAP5-2008\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://tapestry.apache.org/release-notes-536.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN17611367/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Aug/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/23/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/jira/browse/TAP5-2008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tapestry.apache.org/release-notes-536.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}

gsd-2014-1972

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-1972

Aliases

CVE-2014-1972

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2014-1972",
      description: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
      id: "GSD-2014-1972",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2014-1972",
         ],
         details: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
         id: "GSD-2014-1972",
         modified: "2023-12-13T01:22:51.633105Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "vultures@jpcert.or.jp",
            ID: "CVE-2014-1972",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://tapestry.apache.org/release-notes-536.html",
                  refsource: "CONFIRM",
                  url: "https://tapestry.apache.org/release-notes-536.html",
               },
               {
                  name: "https://issues.apache.org/jira/browse/TAP5-2008",
                  refsource: "CONFIRM",
                  url: "https://issues.apache.org/jira/browse/TAP5-2008",
               },
               {
                  name: "JVN#17611367",
                  refsource: "JVN",
                  url: "http://jvn.jp/en/jp/JVN17611367/index.html",
               },
               {
                  name: "JVNDB-2015-000118",
                  refsource: "JVNDB",
                  url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
               },
               {
                  name: "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                  refsource: "MLIST",
                  url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
               },
               {
                  name: "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                  refsource: "FULLDISC",
                  url: "http://seclists.org/fulldisclosure/2019/Aug/20",
               },
               {
                  name: "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E",
               },
               {
                  name: "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
                  refsource: "MLIST",
                  url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E",
               },
            ],
         },
      },
      "gitlab.com": {
         advisories: [
            {
               affected_range: "(,5.3.6)",
               affected_versions: "All versions before 5.3.6",
               cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               cwe_ids: [
                  "CWE-1035",
                  "CWE-399",
                  "CWE-78",
                  "CWE-937",
               ],
               date: "2023-08-16",
               description: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
               fixed_versions: [
                  "5.3.6",
               ],
               identifier: "CVE-2014-1972",
               identifiers: [
                  "GHSA-c438-8cvq-pxxx",
                  "CVE-2014-1972",
               ],
               not_impacted: "All versions starting from 5.3.6",
               package_slug: "maven/org.apache.tapestry/tapestry-core",
               pubdate: "2022-05-13",
               solution: "Upgrade to version 5.3.6 or above.",
               title: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
               urls: [
                  "https://nvd.nist.gov/vuln/detail/CVE-2014-1972",
                  "https://issues.apache.org/jira/browse/TAP5-2008",
                  "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E",
                  "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E",
                  "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E",
                  "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E",
                  "https://tapestry.apache.org/release-notes-536.html",
                  "http://jvn.jp/en/jp/JVN17611367/index.html",
                  "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
                  "http://seclists.org/fulldisclosure/2019/Aug/20",
                  "http://www.openwall.com/lists/oss-security/2019/08/23/5",
                  "https://github.com/apache/tapestry-5/commit/5ad5257fdfacbad2c7c480fdf2afa15d9a37e6b0",
                  "https://github.com/advisories/GHSA-c438-8cvq-pxxx",
               ],
               uuid: "e565e5f1-f5f6-44df-9185-51f71f1573ce",
            },
         ],
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.3.5",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2014-1972",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-399",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "JVNDB-2015-000118",
                     refsource: "JVNDB",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
                  },
                  {
                     name: "https://tapestry.apache.org/release-notes-536.html",
                     refsource: "CONFIRM",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://tapestry.apache.org/release-notes-536.html",
                  },
                  {
                     name: "JVN#17611367",
                     refsource: "JVN",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://jvn.jp/en/jp/JVN17611367/index.html",
                  },
                  {
                     name: "https://issues.apache.org/jira/browse/TAP5-2008",
                     refsource: "CONFIRM",
                     tags: [],
                     url: "https://issues.apache.org/jira/browse/TAP5-2008",
                  },
                  {
                     name: "[oss-security] 20190823 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                     refsource: "MLIST",
                     tags: [],
                     url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
                  },
                  {
                     name: "20190825 CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry",
                     refsource: "FULLDISC",
                     tags: [],
                     url: "http://seclists.org/fulldisclosure/2019/Aug/20",
                  },
                  {
                     name: "[tapestry-users] 20190913 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                     refsource: "MLIST",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure",
                     refsource: "MLIST",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html",
                     refsource: "MLIST",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E",
                  },
                  {
                     name: "[tapestry-commits] 20200531 svn commit: r1061326 [4/4] - in /websites/production/tapestry/content: ./ cache/",
                     refsource: "MLIST",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 6.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "HIGH",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2020-05-31T18:15Z",
         publishedDate: "2015-08-22T23:59Z",
      },
   },
}

ghsa-c438-8cvq-pxxx

Vulnerability from github

Published

2022-05-13 01:26

Modified

2023-08-07 20:22

Summary

Apache Tapestry Unsafe Object Storage

Details

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tapestry:tapestry-core",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "0",
                  },
                  {
                     fixed: "5.3.6",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2014-1972",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-502",
      ],
      github_reviewed: true,
      github_reviewed_at: "2023-08-07T20:22:29Z",
      nvd_published_at: "2015-08-22T23:59:00Z",
      severity: "HIGH",
   },
   details: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
   id: "GHSA-c438-8cvq-pxxx",
   modified: "2023-08-07T20:22:29Z",
   published: "2022-05-13T01:26:11Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2014-1972",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/tapestry-5/commit/5ad5257fdfacbad2c7c480fdf2afa15d9a37e6b0",
      },
      {
         type: "WEB",
         url: "https://github.com/apache/tapestry-5",
      },
      {
         type: "WEB",
         url: "https://issues.apache.org/jira/browse/TAP5-2008",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9@%3Cusers.tapestry.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c@%3Ccommits.tapestry.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://tapestry.apache.org/release-notes-536.html",
      },
      {
         type: "WEB",
         url: "http://jvn.jp/en/jp/JVN17611367/index.html",
      },
      {
         type: "WEB",
         url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
      },
      {
         type: "WEB",
         url: "http://seclists.org/fulldisclosure/2019/Aug/20",
      },
      {
         type: "WEB",
         url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
   summary: "Apache Tapestry Unsafe Object Storage",
}

cve-2014-1972

Vulnerability from jvndb

Published

2015-08-20 15:53

Modified

2015-08-26 17:51

Severity ?

() - -

Summary

Apache Tapestry deserializes untrusted data

Details

Apache Tapestry contains a vulnerability where it may deserialize untrusted data. Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the server. This data serialization / deserialization process does not contain data validation. Therefore, if the serialized data is altered, the server will deserailze data without validating the data (CWE-502). Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN17611367/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1972
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1972
	JPCERT	https://www.jpcert.or.jp/securecoding/2014/OracleJava-AtomicReferenceArray.pdf
	Related Information	https://www.securecoding.cert.org/confluence/display/java/SER02-J.+Sign+then+seal+sensitive+objects+before+sending+them+outside+a+trust+boundary;jsessionid=6418285E96FE6503CBFF59A54A87B1E7
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache Tapestry

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000118.html",
   "dc:date": "2015-08-26T17:51+09:00",
   "dcterms:issued": "2015-08-20T15:53+09:00",
   "dcterms:modified": "2015-08-26T17:51+09:00",
   description: "Apache Tapestry contains a vulnerability where it may deserialize untrusted data.\r\n\r\nApache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the server. This data serialization / deserialization process does not contain data validation. Therefore, if the serialized data is altered, the server will deserailze data without validating the data (CWE-502).\r\n\r\nTakeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
   link: "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000118.html",
   "sec:cpe": {
      "#text": "cpe:/a:apache:tapestry",
      "@product": "Apache Tapestry",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2",
   },
   "sec:cvss": {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2015-000118",
   "sec:references": [
      {
         "#text": "https://jvn.jp/en/jp/JVN17611367/index.html",
         "@id": "JVN#17611367",
         "@source": "JVN",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1972",
         "@id": "CVE-2014-1972",
         "@source": "CVE",
      },
      {
         "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1972",
         "@id": "CVE-2014-1972",
         "@source": "NVD",
      },
      {
         "#text": "https://www.jpcert.or.jp/securecoding/2014/OracleJava-AtomicReferenceArray.pdf",
         "@id": "OracleJava-AtomicReferenceArray.pdf",
         "@source": "JPCERT",
      },
      {
         "#text": "https://www.securecoding.cert.org/confluence/display/java/SER02-J.+Sign+then+seal+sensitive+objects+before+sending+them+outside+a+trust+boundary;jsessionid=6418285E96FE6503CBFF59A54A87B1E7",
         "@id": "SER02-J. Sign then seal sensitive objects before sending them outside a trust boundary",
         "@source": "Related Information",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-Other",
         "@title": "No Mapping(CWE-Other)",
      },
   ],
   title: "Apache Tapestry deserializes untrusted data",
}

fkie_cve-2014-1972

Vulnerability from fkie_nvd

Published

2015-08-22 23:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN17611367/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118	Vendor Advisory
vultures@jpcert.or.jp	http://seclists.org/fulldisclosure/2019/Aug/20
vultures@jpcert.or.jp	http://www.openwall.com/lists/oss-security/2019/08/23/5
vultures@jpcert.or.jp	https://issues.apache.org/jira/browse/TAP5-2008
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E
vultures@jpcert.or.jp	https://tapestry.apache.org/release-notes-536.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN17611367/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Aug/20
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/08/23/5
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/jira/browse/TAP5-2008
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://tapestry.apache.org/release-notes-536.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	tapestry	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37A5ED8D-280E-48EA-BED5-84083DBC0015",
                     versionEndIncluding: "5.3.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en Apache Tapestry en versiones anteriores a 5.3.6, confía en el almacenamiento de objetos del lado del cliente sin comprobar si un cliente ha modificado un objeto, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) o ejecución de código arbitario a través de datos serializados manipulados.",
      },
   ],
   id: "CVE-2014-1972",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-22T23:59:00.093",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN17611367/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "http://seclists.org/fulldisclosure/2019/Aug/20",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "https://issues.apache.org/jira/browse/TAP5-2008",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tapestry.apache.org/release-notes-536.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://jvn.jp/en/jp/JVN17611367/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000118",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2019/Aug/20",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2019/08/23/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://issues.apache.org/jira/browse/TAP5-2008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/84e99dedad2ecb4676de93c3ab73a8a10882951ab6984f514707f3d9%40%3Cusers.tapestry.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tapestry.apache.org/release-notes-536.html",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-1972

Vulnerability from cvelistv5

gsd-2014-1972

Vulnerability from gsd

ghsa-c438-8cvq-pxxx

Vulnerability from github

cve-2014-1972

Vulnerability from jvndb

fkie_cve-2014-1972

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature