CVE-2016-6806

🗓️ 02 Oct 2017 13:00:00Reported by apacheType

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 CSRF prevention measure issue fixe

Reporter	Title	Published	Views	Family All 8
CNVD	Apache Wicket CSRF Vulnerability	24 Oct 201700:00	–	cnvd
Cvelist	CVE-2016-6806	2 Oct 201713:00	–	cvelist
EUVD	EUVD-2016-7700	7 Oct 202500:30	–	euvd
Github Security Blog	Apache Wicket vulnerable to CSRF attacks	17 May 202200:31	–	github
NVD	CVE-2016-6806	3 Oct 201701:29	–	nvd
OpenVAS	Apache Wicket CSRF Detection Vulnerability (Nov 2016)	10 Oct 201700:00	–	openvas
OSV	GHSA-XC66-MG8R-Q6R5 Apache Wicket vulnerable to CSRF attacks	17 May 202200:31	–	osv
Prion	Cross site request forgery (csrf)	3 Oct 201701:29	–	prion

NVD

Vulners

Node

apache wicketMatch6.20.0

apache wicketMatch6.21.0

apache wicketMatch6.22.0

apache wicketMatch6.23.0

apache wicketMatch6.24.0

apache wicketMatch7.0.0

apache wicketMatch7.1.0

apache wicketMatch7.2.0

apache wicketMatch7.3.0

apache wicketMatch7.4.0

apache wicketMatch8.0.0m1

[
  {
    "product": "Apache Wicket",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "6.20.0"
      },
      {
        "status": "affected",
        "version": "6.21.0"
      },
      {
        "status": "affected",
        "version": "6.22.0"
      },
      {
        "status": "affected",
        "version": "6.23.0"
      },
      {
        "status": "affected",
        "version": "6.24.0"
      },
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.1.0"
      },
      {
        "status": "affected",
        "version": "7.2.0"
      },
      {
        "status": "affected",
        "version": "7.3.0"
      },
      {
        "status": "affected",
        "version": "7.4.0"
      },
      {
        "status": "affected",
        "version": "8.0.0-M1"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/074b72585f4b7c6adda1af52aecbfe1be23c6d6f5bb9382270f059cd%40%3Cannounce.apache.org%3E

13 May 2026 00:24Current

8.6High risk

Vulners AI Score8.6

CVSS 26.8

CVSS 38.8

EPSS0.00206

CWE-352