Description
Acunetix has detected that the web application is based on Apache Tapestry. Apache Tapestry has a vulnerability that allows an unauthenticated user to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker can use it to achieve RCE on the server.
Remediation
Upgrade to the latest version of Apache Tapestry
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Information Disclosure (3.6.74)
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)
WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)
WordPress Plugin Share Possible Remote Code Execution (1.0)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2642)