CVE-2014-0043

MEDIUM

Apache Wicket <1.5.10,6.13.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0043. PoCs published by JJK96.

AI-analyzed exploit summary: This script enumerates Java class files in a JAR to test for their presence on a target server via HTTP requests. It checks for unauthorized access and logs results, but does not exploit a vulnerability directly.

Description

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.

Exploits (1)

nomisec SCANNER
by JJK96 · poc
https://github.com/JJK96/JavaClasspathEnum

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Apache Wicket (version not specified)
Auth required
Prerequisites: Valid JAR file with class files · Target URL with Wicket resource endpoint · Optional authentication cookie
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.3
EPSS 0.0079
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-200
Status published
Products (5)
apache/wicket 1.5.10
apache/wicket 6.13.0
Apache Software Foundation/Apache Wicket 1.5.10
Apache Software Foundation/Apache Wicket 6.13.0
org.apache.wicket/wicket-core 1.5-RC1 - 1.5.11 (Maven)
Published Oct 03, 2017
Tracked Since Feb 18, 2026