CVE-2013-2055

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 10 February 2014

Summary

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

References

http://seclists.org/fulldisclosure/2014/Feb/38

mailing-listx_refsource_FULLDISC

https://wicket.apache.org/2014/02/06/cve-2013-2055.html

x_refsource_CONFIRM

http://osvdb.org/102955

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 10, 2014
Vulnerability Reserved
Feb 19, 2013