Cryptographic Vulnerability in Apache Wicket by The Apache Software Foundation
CVE-2014-7808

7.5HIGH

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 15 September 2017

Summary

Earlier versions of Apache Wicket were found to have a vulnerability that compromises the integrity of its cryptographic protections. This issue stems from the use of CryptoMapper as the default encryption provider, allowing attackers to potentially predict encrypted URLs. By exploiting this flaw, attackers can undermine the authentication mechanisms and access sensitive information that should have been safeguarded, making it imperative for users to update to the latest versions for enhanced security.

References

http://mail-archives.apache.org/mod_mbox/wicket-users/201...

mailing-listx_refsource_MLIST

https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-201...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2017
Vulnerability Reserved
Oct 3, 2014