CVE-2016-6793
CRITICALApache Wicket 1.5.0-1.5.16 - Deserialization of Untrusted Data in DiskFileItem
Title source: llmDescription
The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037541
Mailing List, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539975/100/0/threaded
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/12/31/1
Vendor Advisory x_refsource_confirm
https://wicket.apache.org/news/2016/12/31/cve-2016-6793.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95168
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2016-23
Scores
CVSS v3
9.1
EPSS
0.0363
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
apache/wicket
1.5.0 - 1.5.17
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026