Apache Tapestry 漏洞

时间轴

版本

5.0	4
5.1	4
5.2	4
5.3	4
5.4	4

修正

Official Fix	6
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	4

易受攻击性

High	0
Functional	0
Proof-of-Concept	0
Unproven	0
Not Defined	10

访问向量

Not Defined	0
Physical	0
Local	2
Adjacent	2
Network	6

身份验证

Not Defined	0
High	0
Low	4
None	6

用户交互

Not Defined	0
Required	0
None	10

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	2
≤5	2
≤6	2
≤7	2
≤8	2
≤9	0
≤10	0

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	2
≤5	2
≤6	2
≤7	4
≤8	0
≤9	0
≤10	0

VulDB

≤1	0
≤2	0
≤3	0
≤4	4
≤5	0
≤6	4
≤7	0
≤8	2
≤9	0
≤10	0

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	2
≤7	0
≤8	2
≤9	0
≤10	0

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

供应商

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

零日攻击

<1k	0
<2k	0
<5k	4
<10k	0
<25k	4
<50k	2
<100k	0
≥100k	0

本日攻击

<1k	8
<2k	0
<5k	2
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

攻击市场容量

🔴 CTI 活动

Affected Versions (27): 3.0, 4, 5.0, 5.1, 5.2, 5.3, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.5, 5.6, 5.6.1, 5.6.2, 5.6.3, 5.7, 5.7.1, 5.8, 5.8.1

Link to Product Website: https://www.apache.org/

已发布	Base	Temp	漏洞	0day	今天	易	修正	CTI	CVE
2022-12-02	8.0	7.9	Apache Tapestry 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2022-46366
2022-07-13	6.5	6.4	Apache Tapestry Content-Type org.apache.tapestry5.http.ContentType 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2022-31781
2021-04-28	3.5	3.5	Apache Tapestry URL 信息公开	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	CVE-2021-30638
2021-04-15	5.3	5.1	Apache Tapestry AppModule.class 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2021-27850
2020-12-09	8.0	7.7	Apache Tapestry 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2020-17531
2020-09-30	4.3	4.3	Apache Tapestry URL 信息公开	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2020-13953
2019-09-16	6.4	6.1	Apache Tapestry ctx ContextResource 目录遍历	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2019-0207
2019-09-16	7.5	7.2	Apache Tapestry AppModule 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2019-0195
2019-08-23	9.8	9.0	Apache Tapestry HMAC Verification 权限升级	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2019-10071
2015-08-22	7.3	7.0	Apache Tapestry Client-Side Object Storage 拒绝服务	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2014-1972

更多条目由 Apache

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!