CVE-2014-0043

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

1.5%

top 18.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Wicket Apache Wicket

Timeline

PublishedOct 3

Latest updateMay 17

Description

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.apache.wicket:wicket-core1.5-RC1 — 1.5.11+1

▶NVDapache/wicket1.5.10, 6.13.0+1

▶CVEListV5apache_software_foundation/apache_wicket1.5.10, 6.13.0+1

🔴Vulnerability Details

GHSA

Apache Wicket allows attackers to check for third-party libraries↗2022-05-17

▶

OSV

Apache Wicket allows attackers to check for third-party libraries↗2022-05-17

▶

CVEList

CVE-2014-0043: In Apache Wicket 1↗2017-10-02

▶