Description
Acunetix has detected that the web application is based on Apache Tapestry. Apache Tapestry has a vulnerability that allows an unauthenticated user to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker can use it to achieve RCE on the server.
Remediation
Upgrade to the latest version of Apache Tapestry
References
Related Vulnerabilities
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.3)
WordPress Plugin Page and Post Clone Information Disclosure (1.1)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15005)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5497)