Information Disclosure Vulnerability in Apache Wicket by The Apache Software Foundation
CVE-2013-2055

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 10 February 2014

Summary

An unspecified vulnerability in Apache Wicket allows remote attackers to access sensitive information. This occurs when raw HTML templates are rendered improperly, enabling exploitation through markup parsing issues that expose data beyond the defined wicket:panel elements. This security flaw affects several versions, posing risks for applications relying on Wicket for their web interfaces.

References

http://seclists.org/fulldisclosure/2014/Feb/38

mailing-listx_refsource_FULLDISC

https://wicket.apache.org/2014/02/06/cve-2013-2055.html

x_refsource_CONFIRM

http://osvdb.org/102955

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Feb 19, 2013