CVE STALKER

CVE-2021-27850

CVSS
DESCRIPTION

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195.

Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class`, which contains an HMAC secret key, by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class`. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`.

Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/`. The slash is stripped after the blacklist check, so the request passes the filter and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial).

Solution for this vulnerability:
* For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later.
* For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.

Note that 5.6.2 is itself listed as affected above; on the 5.6 line the fixed release is the one after it (5.6.3 per the Apache Tapestry release notes). Whatever version is deployed, the practical check is to request the `AppModule.class/` asset URL against the instance and confirm that it no longer returns the class bytes.

HEAT SCORE 256
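The ordering bug the advisory describes (suffix blacklist checked first, trailing slash stripped afterwards) and the shape of a fix a practitioner would want, as an added Python model written for this page. This is not Tapestry's own code: the asset URL pattern (following the advisory's `/assets/something/<resource>` example), the allowlist of static-asset suffixes, the stand-in classpath dictionary and the access-log lines are all constructed assumptions. The second half is a detection helper that flags both the original CVE-2019-0195 request form and the trailing-slash bypass in access logs.

```python
import re
from typing import List, Optional
from urllib.parse import unquote

# Suffixes the CVE-2019-0195 fix refuses to serve from the classpath (from the advisory).
BLOCKED_SUFFIXES = (".class", ".properties", ".xml")
# Assumed allowlist of static-asset types for the hardened variant (not from the advisory).
ALLOWED_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".woff", ".woff2")

# Constructed stand-in for the application classpath: resource -> content type.
FAKE_CLASSPATH = {
    "services/AppModule.class": "application/java-vm",   # the class that holds the HMAC key
    "css/app.css": "text/css",
    "js/app.js": "application/javascript",
}

# Assumed URL shape, following the advisory's /assets/something/<resource> example.
ASSET_URL_RE = re.compile(r"^/assets/[^/]+/(.+)$")


def classpath_resource(url_path: str) -> Optional[str]:
    """Return the classpath-relative part of an asset URL, or None if it is not one."""
    m = ASSET_URL_RE.match(url_path)
    return m.group(1) if m else None


def vulnerable_serve(url_path: str) -> Optional[str]:
    """Model of the bypassed filter: the suffix blacklist runs on the raw URL,
    and only afterwards is the trailing slash stripped and the resource resolved."""
    resource = classpath_resource(url_path)
    if resource is None:
        return None
    if resource.endswith(BLOCKED_SUFFIXES):   # "AppModule.class/" slips past here...
        return None
    resource = resource.rstrip("/")           # ...and becomes "AppModule.class" here
    return FAKE_CLASSPATH.get(resource)


def hardened_serve(url_path: str) -> Optional[str]:
    """Canonicalize first (decode, strip trailing slashes, reject '..'), then decide
    with an allowlist, so no later rewrite can change what was checked."""
    resource = classpath_resource(url_path)
    if resource is None:
        return None
    resource = unquote(resource).rstrip("/")
    if ".." in resource.split("/"):
        return None
    if not resource.endswith(ALLOWED_SUFFIXES):
        return None
    return FAKE_CLASSPATH.get(resource)


# Detection: asset requests whose path ends in a blocked suffix, with or without
# a trailing slash, are probes for CVE-2019-0195 / CVE-2021-27850.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/')
PROBE_RE = re.compile(r"\.(?:class|properties|xml)/*$", re.IGNORECASE)


def find_probes(log_lines: List[str]) -> List[str]:
    """Return the request paths in access-log lines that look like classpath probes."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = unquote(m.group(1).split("?", 1)[0])
        if path.startswith("/assets/") and PROBE_RE.search(path):
            hits.append(path)
    return hits


# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jun/2021:14:40:06 +0000] "GET /assets/something/css/app.css HTTP/1.1" 200 812',
    '10.0.0.9 - - [25/Jun/2021:14:40:07 +0000] "GET /assets/something/services/AppModule.class HTTP/1.1" 404 0',
    '10.0.0.9 - - [25/Jun/2021:14:40:08 +0000] "GET /assets/something/services/AppModule.class/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    bypass = "/assets/something/services/AppModule.class/"
    print("vulnerable:", vulnerable_serve(bypass))   # application/java-vm
    print("hardened:  ", hardened_serve(bypass))     # None
    print("probes:    ", find_probes(SAMPLE_LOG))
```

The point of the hardened variant is not the allowlist by itself but the order of operations: every transformation the server will apply to the path (percent-decoding, trailing-slash removal, segment normalization) happens before the decision, so the string that is checked is the string that is resolved. The detector deliberately matches the slash-less form too: a 404 on `AppModule.class` followed by a 200 on `AppModule.class/` from the same client is exactly the sequence the bypass produces.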

WORDS

TWEETS

DATE | TWEET | USER
2021-07-07 00:40:22 | CVE-2021-27850_POC - A Proof Of Concept For CVE-2021-27850 Affecting Apache Tapestry And Leading To Unauthenticate… https://t.co/LIFLuLVvbH https://twitter.com/i/web/status/1412569814875340800 | AcooEdi
2021-07-05 06:50:05 | #cve New vulnerability: Apache Tapestry Unserialize RCE (CVE-2021-27850) (RedTeam version) More Vulnerabilities,… https://t.co/A4olmHEqNo https://twitter.com/i/web/status/1411939747812020224 | goby77463399
2021-06-29 17:40:05 | A Proof of Concept has been released for CVE-2021-27850 affecting Apache Tapestry and leading to unauthenticated r… https://t.co/xweMk6UZIV https://twitter.com/i/web/status/1409929406777278472 | K1N0SA
2021-06-29 16:30:23 | "A PoC exploit has been released for a critical unauthenticated RCE vulnerability (CVE-2021-27850) discovered in al… https://t.co/pIwWcHPwpd https://twitter.com/i/web/status/1409909689882759171 | trip_elix
2021-06-29 15:50:21 | New post in https://t.co/1F9xRsdlML: CVE-2021-27850 Exploit https://t.co/hcDEq88BYW https://t.co/Nnk3sFoHVk http://canyoupwn.me https://bit.ly/3AbmT9Z https://bit.ly/3doFFkq | cypmsecnews
2021-06-29 15:40:18 | A PoC exploit has been released for a critical unauthenticated RCE vulnerability (CVE-2021-27850) discovered in all… https://t.co/TlPD5DvLSQ https://twitter.com/i/web/status/1409898390737985545 | TheHackersNews
2021-06-28 16:30:08 | New #CVE-2021-27850 unauthenticated remote code execution #RCE vulnerability that was found in all recent versions… https://t.co/zwSppA2Uw1 https://twitter.com/i/web/status/1409547530027810822 | misaelban
2021-06-28 11:00:06 | CVE-2021-27850 Exploit PoC - Unauthenticated remote code execution vulnerability #RCE in all versio… https://t.co/RgDYM9b84u https://twitter.com/i/web/status/1409464935080398849 | elhackernet
2021-06-27 11:51:32 | A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthenticated remote code executi… https://t.co/sXH0QfWCTI https://twitter.com/i/web/status/1409114912081711110 | nuria_imeq
2021-06-27 10:30:22 | GitHub – kahla-sec/CVE-2021-27850_POC: A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading… https://t.co/YrfRbQzAFP https://twitter.com/i/web/status/1409094670857216003 | d34dr4bbit
2021-06-27 10:00:07 | A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthenticated remote code executi… https://t.co/8y4BDnmgdD https://twitter.com/i/web/status/1409088769991581706 | ptracesecurity
2021-06-27 08:30:36 | CVE-2021-27850 Apache Tapestry remote code execution vulnerability https://t.co/xEeFxZ0BCT https://www.pwnwiki.org/index.php?title=CVE-2021-27850_Apache_Tapestry%E9%81%A0%E7%A8%8B%E5%9F%B7%E8%A1%8C%E4%BB%A3%E7%A2%BC%E6%BC%8F%E6%B4%9E | pwnwikiorg
2021-06-26 19:40:26 | CVE-2021-27850: unauthenticated remote code execution vulnerability that was found in all recent versions of Apache… https://t.co/JLk8EgvXhG https://twitter.com/i/web/status/1408871138898419714 | cyber_advising
2021-06-26 15:50:19 | GitHub - kahla-sec/CVE-2021-27850_POC: A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading… https://t.co/TlSUhw64gX https://twitter.com/i/web/status/1408814372940615683 | Securityblog
2021-06-26 08:40:50 | exploit A PoC for CVE-2021-27850 affecting Apache Tapestry and leading to unauthenticated RCE Threat Research Mul… https://t.co/DBP5rb04Kr https://twitter.com/i/web/status/1408706209872502785 | AlirezaGhahrood
2021-06-26 05:40:26 | CVE-2021-27850 A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apa… https://t.co/GB1lKCfACZ https://twitter.com/i/web/status/1408660193479626752 | VulmonFeeds
2021-06-25 23:20:28 | GitHub - kahla-sec/CVE-2021-27850_POC: A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading… https://t.co/oRdxHSo5nh https://twitter.com/i/web/status/1408563640836390914 | piedpiper1616
2021-06-25 14:40:06 | A POC for CVE-2021-27850 affecting Apache Tapestry recent versions and leading to unauthenticated RCE. As far as I… https://t.co/N7xePhYveS https://twitter.com/i/web/status/1408434391404138499 | BelkahlaAhmed1
2021-06-03 08:00:05 | 🔴APACHE🔴 Multiple high-severity vulnerabilities in APACHE products: CVE-2021-23937, CVE-2021-27850 More inf… https://t.co/RQJSm87OHg https://twitter.com/i/web/status/1400361361239052291 | GrupoICA_Ciber
2021-05-29 08:00:07 | 🔴APACHE🔴 Multiple high-severity vulnerabilities in APACHE products: CVE-2021-30638, CVE-2021-27850 More inf… https://t.co/wK4oNQIBcu https://twitter.com/i/web/status/1398548449310748676 | GrupoICA_Ciber
2021-05-28 10:40:18 | 🚨 NEW: CVE-2021-27850 🚨 A critical unauthenticated remote code execution vulnerability was found in all recent version… https://t.co/MAhnCFaoCW https://twitter.com/i/web/status/1398225139297402885 | threatintelctr
2021-04-22 14:40:54 | New post from https://t.co/uXvPWJy6tj (CVE-2021-27850 (tapestry)) has been published on https://t.co/UYFr5ZXZWV http://www.sesin.at https://www.sesin.at/2021/04/22/cve-2021-27850-tapestry/ | WolfgangSesin
2021-04-22 14:40:35 | New post from https://t.co/9KYxtdZjkl (CVE-2021-27850 (tapestry)) has been published on https://t.co/uaBose8vVk http://www.sesin.at https://www.sesin.at/2021/04/22/cve-2021-27850-tapestry/ | www_sesin_at
2021-04-17 11:30:17 | New post from https://t.co/9KYxtdHHVL (CVE-2021-27850) has been published on https://t.co/vIfA0DLaWb http://www.sesin.at https://www.sesin.at/2021/04/17/cve-2021-27850/ | www_sesin_at
2021-04-17 11:30:15 | New post from https://t.co/uXvPWJPHkR (CVE-2021-27850) has been published on https://t.co/f8uOJ7x9dJ http://www.sesin.at https://www.sesin.at/2021/04/17/cve-2021-27850/ | WolfgangSesin
2021-04-16 17:00:03 | Apache Critical Security Vulnerability — CVE-2021-27850 — First Hackers News https://t.co/fBE1JMC1ZK https://t.co/zepfYKvWL9 https://firsthackersnews.com/apache-critical-security-vulnerability-cve-2021-27850/ | Info_FHNews
2021-04-15 13:30:08 | CVE-2021-27850: Apache Tapestry: Bypass of the fix for CVE-2019-0195: Posted by Thiago H. de Paula Figueiredo on Ap… https://t.co/dmeseFCNfa https://twitter.com/i/web/status/1382686408750428160 | oss_security
2021-04-15 13:10:07 | My real name is CVE-2021-27850 but all my friends call me Communal Owl https://t.co/maAaXrgobU https://nvd.nist.gov/vuln/detail/CVE-2021-27850 | vulnonym
2021-04-15 11:30:05 | Apache - CVE-2021-27850: https://t.co/6HGKQzIMKb https://lists.apache.org/thread.html/r237ff7f286bda31682c254550c1ebf92b0ec61329b32fbeb2d1c8751%40%3Cusers.tapestry.apache.org%3E | LinInfoSec
2021-04-15 11:20:05 | CVE Liste posted "CVE-2021-27850" See full original article: https://t.co/C3wvuM0KMy All our feeds: https://t.co/EOLcNJGCHf https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27850 https://secnews.physaphae.fr | InfoSecPhysa
2021-04-15 10:50:03 | CVE-2021-27850 A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apa… https://t.co/ZoZ4trBccz https://twitter.com/i/web/status/1382646942602248194 | VulmonFeeds
2021-04-15 08:50:07 | CVE-2021-27850 A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apac… https://t.co/9nwfio08Q1 https://twitter.com/i/web/status/1382616014299533313 | CVEnew
2021-04-15 08:40:11 | 🚨 NEW: CVE-2021-27850 🚨 A critical unauthenticated remote code execution vulnerability was found in all recent version… https://t.co/NfuQMNFtvy https://twitter.com/i/web/status/1382612260414234625 | threatintelctr