Description
In Apache Wicket 1.5.10 or 6.13.0, requests to special URLs handled by Wicket make it possible to check whether particular classes exist on the classpath, and thus whether a third-party library with a known security vulnerability is in use.
Remediation
References
https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E