Denial of Service Vulnerability in Apache Wicket by Apache
CVE-2024-53299

6.5 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 23 January 2025

Summary

A flaw in the request handling of Apache Wicket 7.0.0 across all platforms lets malicious actors consume server resources, potentially leading to service interruptions. Users are strongly advised to upgrade to the patched versions 9.19.0 or 10.3.0 to protect against such exploitation.

Affected Version(s)

Apache Wicket 7.0.0 <= 7.18.*

Apache Wicket 8.0.0-M1 <= 8.16.*

Apache Wicket 9.0.0-M1 <= 9.18.*

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pedro Santos