CVE-2014-0043

MEDIUM5.3EPSS 0.79%

Apache Wicket allows attackers to check for third-party libraries

發布日:2022/5/17修改日:2025/4/23

描述

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

受影響套件(1)

Maven/org.apache.wicket:wicket-core>= 1.5-RC1, < 1.5.11

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-0043
PATCHhttps://github.com/apache/wicket
WEBhttps://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d@1392986987@%3Cannounce.wicket.apache.org%3E