Remote Information Disclosure Vulnerability in Apache Wicket
CVE-2014-3526

7.5HIGH

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 30 October 2017

Summary

Apache Wicket prior to version 1.5.12, and versions 6.x before 6.17.0 and 7.x before 7.0.0-M3 are vulnerable to a remote information disclosure issue. This vulnerability allows remote attackers to exploit identifiers used for storing page markup for temporary user sessions, potentially leading to the exposure of sensitive user information. Organizations using affected versions of Apache Wicket should update to the latest versions promptly to mitigate this risk.

References

https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 30, 2017
Vulnerability Reserved
May 14, 2014