{"id":3112,"date":"2022-08-04T16:08:29","date_gmt":"2022-08-04T21:08:29","guid":{"rendered":"https:\/\/cert.pa\/?p=3112"},"modified":"2022-08-04T16:08:29","modified_gmt":"2022-08-04T21:08:29","slug":"csirt-panama-aviso-2022-08-04-vulnerabilidad-en-apache-tapestry-5-8-1","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=3112","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2022-08-04 Vulnerability in Apache Tapestry 5.8.1"},"content":{"rendered":"\n<p><strong>Severity:<\/strong> Critical<\/p>\n\n\n\n<p><strong>Publication date:<\/strong> August 04, 2022<\/p>\n\n\n\n<p><strong>Modification date:<\/strong> August 04, 2022<\/p>\n\n\n\n<p><strong>Latest revision:<\/strong> Revision A.<\/p>\n\n\n\n<p><strong>Source:<\/strong> www.cve.org<\/p>\n\n\n\n<p><strong>Affected Systems<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Apache Tapestry 5.8.1 and earlier<\/li><\/ul>\n\n\n\n<p><strong>I. Description<\/strong><\/p>\n\n\n\n<p>Apache Tapestry version 5.8.1 and earlier are affected by CVE-2022-31781, a regular expression denial of service (ReDoS) vulnerability in the way content types are handled. Specially crafted content types can cause backtracking that takes exponential time to complete. This is corrected in the class org.apache.tapestry5.http.ContentType in Apache Tapestry 5.8.2.<\/p>\n\n\n\n<p>You are urged to review the links in the references in section III and to take the actions necessary to update and mitigate the vulnerability.<\/p>\n\n\n\n<p><strong>II. Impact<\/strong><\/p>\n\n\n\n<p><strong>Access Complexity:<\/strong> Critical.<\/p>\n\n\n\n<p><strong>Authentication:<\/strong> Not required to exploit it.<\/p>\n\n\n\n<p><strong>Impact type:<\/strong> Total system compromise.<\/p>\n\n\n\n<p><strong>III. 
References to solutions, tools and information<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"a\"><li><a href=\"https:\/\/tapestry.apache.org\/security.html\">https:\/\/tapestry.apache.org\/security.html<\/a><\/li><li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-31781\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-31781<\/a><\/li><li><a href=\"https:\/\/github.com\/advisories\/GHSA-227g-7cvv-6ff3\">https:\/\/github.com\/advisories\/GHSA-227g-7cvv-6ff3<\/a><\/li><li><a href=\"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGAPACHETAPESTRY-2949136\">https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGAPACHETAPESTRY-2949136<\/a><\/li><\/ol>\n\n\n\n<p><strong>IV. Contact information<\/strong><\/p>\n\n\n\n<p>CSIRT PANAMA<\/p>\n\n\n\n<p>Autoridad Nacional para la Innovaci\u00f3n Gubernamental<\/p>\n\n\n\n<p>E-Mail: info@cert.pa<\/p>\n\n\n\n<p>Web:&nbsp;&nbsp; http:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Severity: Critical Publication date: August 04, 2022 Modification date: August 04, 2022 Latest revision: Revision A. Source: www.cve.org Affected Systems Apache Tapestry 5.8.1 and earlier I. 
Description Apache Tapestry version 5.8.1 and earlier,&#8230;<\/p>\n","protected":false},"author":4,"featured_media":2235,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3112"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3112\/revisions"}],"predecessor-version":[{"id":3113,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/3112\/revisions\/3113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/2235"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}