
Published on September 3rd, 2019


Apache Tapestry 5.3.6 HMAC Verification Deserialization unknown vulnerability


CVSS Meta Temp Score: 5.1
Current Exploit Price (≈): $5k-$25k

A vulnerability was found in Apache Tapestry 5.3.6. It has been declared as problematic. This vulnerability affects an unknown function of the component HMAC Verification. The CWE definition for the vulnerability is CWE-502. The impact remains unknown.

The bug was discovered on 03/12/2019. The weakness was published on 08/23/2019 by David Tomaschik as "CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry", an uncorroborated mailing list post (Full-Disclosure). The advisory is available at seclists.org. This vulnerability was named CVE-2019-10071. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimate calculated on 09/03/2019).

The vulnerability was handled as a non-public zero-day exploit for at least 38 days. During that time the estimated underground price was around $25k-$100k.

Applying a patch eliminates this problem. The bugfix is ready for download at d3928ad44714b949d247af2652c84dae3c27e1b1. A possible mitigation was published before, not after, the disclosure of the vulnerability.

Class: Unknown / Deserialization (CWE-502)
Local: Yes
Remote: No

Status: Not defined

Remediation: Recommended: Patch
Patch: d3928ad44714b949d247af2652c84dae3c27e1b1

03/12/2019 Vulnerability found
03/13/2019 +1 days Vendor informed
04/19/2019 +37 days Countermeasure disclosed
08/23/2019 +126 days Advisory disclosed
09/03/2019 +11 days VulDB entry created
09/03/2019 +0 days VulDB last update

Vendor: apache.org

Advisory: CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry
Researcher: David Tomaschik
Status: Uncorroborated

CVE: CVE-2019-10071

Created: 09/03/2019 07:11 AM

https://vuldb.com/?id.141190
