Directory Traversal Vulnerability in Apache Wicket by The Apache Software Foundation
CVE-2012-1089

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 23 March 2012

What is CVE-2012-1089?

A directory traversal vulnerability exists in Apache Wicket versions prior to 1.4.20 and 1.5.5, allowing remote attackers to exploit the flaw by crafting a malicious URL. This could enable unauthorized reading of sensitive web-application files through improper handling of relative pathnames that lead to a null package. Administrators are urged to apply the latest updates to mitigate this vulnerability effectively.

References

http://osvdb.org/80301

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/52679

vdb-entryx_refsource_BID

http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2012
Vulnerability Reserved
Feb 14, 2012