Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-0043 Vulnerability in maven package org.apache.wicket:wicket-core

Description

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Remediation

References

https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E

Related Vulnerabilities

CVE-2015-7940 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2023-20866 Vulnerability in maven package org.springframework.session:spring-session-core

CVE-2016-0790 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-3868 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:jasper

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N