CVE-2014-0043

MEDIUM

Apache Wicket <1.5.10,6.13.0 - Info Disclosure

Title source: llm

Description

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Exploits (1)

nomisec SCANNER

by JJK96 · poc

https://github.com/JJK96/JavaClasspathEnum

View Code ZIP pw:eip

References (1)

[Mailing List] https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E

Scores

CVSS v3 5.3

EPSS 0.0151

EPSS Percentile 81.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

apache/wicket 1.5.10

apache/wicket 6.13.0

Apache Software Foundation/Apache Wicket 1.5.10

Apache Software Foundation/Apache Wicket 6.13.0

org.apache.wicket/wicket-core 1.5-RC1 - 1.5.11Maven

Published Oct 03, 2017

Tracked Since Feb 18, 2026