Description
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Feb/38
Vendor Advisory x_refsource_confirm
https://wicket.apache.org/2014/02/06/cve-2013-2055.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102955
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65431
Scores
EPSS
0.0163
EPSS Percentile
82.2%
Details
Status
published
Products (35)
apache/wicket
1.4.0
apache/wicket
1.4.1
apache/wicket
1.4.10
apache/wicket
1.4.11
apache/wicket
1.4.12
apache/wicket
1.4.13
apache/wicket
1.4.14
apache/wicket
1.4.15
apache/wicket
1.4.16
apache/wicket
1.4.17
... and 25 more
Published
Feb 10, 2014
Tracked Since
Feb 18, 2026