CVE-2014-3526: Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving…

high7.5CVSS 3.1

AVNACLPRNUINSUCHINAN

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	—	—
apache	wicket	>= 1.5.0 < 1.5.12	1.5.12