CVE-2012-1089

CWE-22: Path Traversal
5 documents, 5 sources
Severity
5.0 MEDIUM
EPSS
1.5%
top 18.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 23
Latest update: May 17

Description

Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/wicket, 25 versions

Vulnerability Details

2
GHSA
GHSA-cp23-9h5q-3326: Directory traversal vulnerability in Apache Wicket 1, 2022-05-17
CVEList
CVE-2012-1089: Directory traversal vulnerability in Apache Wicket 1, 2012-03-23

Vendor Advisories

1
Red Hat
nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE, 2011-04-19

Community

1
Bugzilla
CVE-2012-1958 Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48), 2012-07-14