CVE-2014-0043

Summary

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Wicket1.5.10affected
Apache Software FoundationApache Wicket6.13.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References