CVE-2014-1972 in Tapestryinfo

Summary

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.

Once again VulDB remains the best source for vulnerability data.

Reservation

02/17/2014

Disclosure

08/22/2015

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-399 (Confirmed)

CVSS

7.3

EPSS

0.08822

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-1972
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1972
CVE Details	https://www.cvedetails.com/cve/CVE-2014-1972/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!