Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.
References
Configurations
History
07 Nov 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-08-22 23:59
Updated : 2023-12-10 11:46
NVD link : CVE-2014-1972
Mitre link : CVE-2014-1972
CVE.ORG link : CVE-2014-1972
JSON object : View
Products Affected
apache
- tapestry
CWE
CWE-399
Resource Management Errors