CVE-2014-3526CVE-2014-3526

Affected configuration(s):

cpe:/a:apache:wicket:1.5.11
cpe:/a:apache:wicket:6.0.0
cpe:/a:apache:wicket:6.0.0:beta1
cpe:/a:apache:wicket:6.0.0:beta2
cpe:/a:apache:wicket:6.0.0:beta3
cpe:/a:apache:wicket:6.1.0
cpe:/a:apache:wicket:6.1.1
cpe:/a:apache:wicket:6.2.0
cpe:/a:apache:wicket:6.3.0
cpe:/a:apache:wicket:6.4.0
cpe:/a:apache:wicket:6.5.0
cpe:/a:apache:wicket:6.6.0
cpe:/a:apache:wicket:6.7.0
cpe:/a:apache:wicket:6.8.0
cpe:/a:apache:wicket:6.9.0
cpe:/a:apache:wicket:6.9.1
cpe:/a:apache:wicket:6.10.0
cpe:/a:apache:wicket:6.11.0
cpe:/a:apache:wicket:6.12.0
cpe:/a:apache:wicket:6.13.0
cpe:/a:apache:wicket:6.14.0
cpe:/a:apache:wicket:6.15.0
cpe:/a:apache:wicket:6.16.0
cpe:/a:apache:wicket:7.0.0
cpe:/a:apache:wicket:7.0.0-m1
cpe:/a:apache:wicket:7.0.0-m2

Date published: 2017-10-30T10:29:00.500-04:00

Date last modified: 2017-11-18T12:48:33.260-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html

Summary: Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.