CVE-2014-7808
published 2017-09-15CVE-2014-7808: Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | wicket | — | — |
| apache | wicket | >= 1.5.0 < 1.5.13 | 1.5.13 |
| apache | wicket | >= 6.0.0 < 6.19.0 | 6.19.0 |