Wicket Security Vulnerabilities and Issues — Wicket CVE List

Lucene search

ApacheWicket

4 matches found

CVE•added 2020/08/11 7:15 p.m.•75 views

CVE-2020-11976

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

7.5CVSS7.2AI score0.02033EPSS

CVE•added 2021/05/25 5:15 p.m.•57 views

CVE-2021-23937

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slo...

7.5CVSS7.5AI score0.06868EPSS

CVE•added 2017/10/30 2:29 p.m.•44 views

CVE-2014-3526

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

7.5CVSS7.2AI score0.00499EPSS

CVE•added 2017/09/15 8:29 p.m.•42 views

CVE-2014-7808

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

7.5CVSS7.5AI score0.00196EPSS