CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.openwall.com/lists/oss-security/2022/07/12/3	Mailing List Vendor Advisory
https://www.openwall.com/lists/oss-security/2022/07/12/3	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:05

Type	Values Removed	Values Added
References	~~() https://www.openwall.com/lists/oss-security/2022/07/12/3 - Mailing List, Vendor Advisory~~	() https://www.openwall.com/lists/oss-security/2022/07/12/3 - Mailing List, Vendor Advisory

24 Jul 2023, 13:16

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	CWE-1333

Information

Published : 2022-07-13 08:15

Updated : 2024-11-21 07:05

NVD link : CVE-2022-31781

Mitre link : CVE-2022-31781

CVE.ORG link : CVE-2022-31781

JSON object : View

Products Affected

apache

tapestry

CWE

CWE-1333

Inefficient Regular Expression Complexity

{"id": "CVE-2022-31781", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-07-13T08:15:07.213", "references": [{"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2022/07/12/3", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-1333"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1333"}]}], "descriptions": [{"lang": "en", "value": "Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor."}, {"lang": "es", "value": "Apache Tapestry versiones hasta 5.8.1 es vulnerable a una Denegaci\u00f3n de Servicio por Expresi\u00f3n Regular (ReDoS) en la forma en que maneja los Tipos de Contenido. Los Tipos de Contenido especialmente dise\u00f1ados pueden causar un retroceso catastr\u00f3fico, tardando un tiempo exponencial en completarse. En concreto, esto es acerca de la expresi\u00f3n regular usada en el par\u00e1metro de la clase org.apache.tapestry5.http.ContentType. Apache Tapestry versi\u00f3n 5.8.2 presenta una correcci\u00f3n para esta vulnerabilidad. Obs\u00e9rvese que la vulnerabilidad no puede ser desencadenada s\u00f3lo por peticiones web en el c\u00f3digo de Tapestry. S\u00f3lo ocurrir\u00eda si se presenta alg\u00fan codepath no Tapestry pasando alguna entrada externa al constructor de la clase ContentType"}], "lastModified": "2024-11-21T07:05:18.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tapestry:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74B1B9B9-B0DD-42B4-86BE-587593E365E3", "versionEndExcluding": "5.8.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}