Описание
Apache Wicket insecure defaults
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.
Ссылки
Пакеты
Наименование
org.apache.wicket:wicket-core
maven
Затронутые версииВерсия исправления
< 1.5.13
1.5.13
Наименование
org.apache.wicket:wicket-core
maven
Затронутые версииВерсия исправления
>= 6.0.0-beta1, < 6.19.0
6.19.0
Наименование
org.apache.wicket:wicket-core
maven
Затронутые версииВерсия исправления
>= 7.0.0-M1, < 7.0.0-M5
7.0.0-M5
Связанные уязвимости
CVSS3: 7.5
nvd
больше 8 лет назад
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.