Main Vulnerability Database SB2023113066

SB2023113066 - Path traversal in Apache Tiles

Published: November 30, 2023 Updated: January 2, 2026

Security Bulletin ID SB2023113066

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2023-49735)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences while resolving XML definition files in DefaultLocaleResolver.LOCALE_KEY attribute. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system or perform XXE attacks.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p