Description
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.
Remediation
References
https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E
Related Vulnerabilities
CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote
CVE-2015-3271 Vulnerability in maven package org.apache.tika:tika-server
CVE-2018-6591 Vulnerability in npm package converse.js
CVE-2018-1999040 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:tomcat-coyote