CVE-2014-0043

Опубликовано: 03 окт. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Ссылки

https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E
https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:wicket:1.5.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00786

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-244g-8368-6wr9