CVE-2014-3526
HIGHApache Wicket < 1.5.12, 6.x < 6.17.0, and 7.x < 7.0.0-M3 - Exposure of Sensitive Information via Page Markup Identifiers
Title source: llmDescription
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html
Scores
CVSS v3
7.5
EPSS
0.0050
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (22)
apache/wicket
6.0.0 (4 CPE variants)
apache/wicket
6.1.0
apache/wicket
6.1.1
apache/wicket
6.2.0
apache/wicket
6.3.0
apache/wicket
6.4.0
apache/wicket
6.5.0
apache/wicket
6.6.0
apache/wicket
6.7.0
apache/wicket
6.8.0
... and 12 more
Published
Oct 30, 2017
Tracked Since
Feb 18, 2026