Wicket@7.0.0 Security Vulnerabilities and Issues — Wicket@7.0.0 CVE List

Lucene search

ApacheWicket7.0.0

3 matches found

CVE•added 2017/10/30 2:29 p.m.•44 views

CVE-2014-3526

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

7.5CVSS7.2AI score0.00499EPSS

CVE•added 2017/09/15 8:29 p.m.•42 views

CVE-2014-7808

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

7.5CVSS7.5AI score0.00196EPSS

CVE•added 2017/10/03 1:29 a.m.•42 views

CVE-2016-6806

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermor...

8.8CVSS8.6AI score0.00122EPSS