Description
Acunetix has detected that the web application is based on Apache Tapestry. Apache Tapestry has a vulnerability that allows an unauthenticated user to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker can use it to achieve RCE on the server.
Remediation
Upgrade to the latest version of Apache Tapestry
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6335)
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)
WordPress Plugin ACF to REST API Information Disclosure (3.2.0)
vBulletin 5.x 0day pre-auth RCE
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)