CVE-2024-53299
MEDIUMApache Wicket 7.0.0-7.17.9 and 8.0.0-8.16.9 - Denial of Service via Request Handling
Title source: llmDescription
The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/01/22/12
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5
Scores
CVSS v3
6.5
EPSS
0.0073
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (2)
apache/wicket
7.0.0 - 7.18.0
org.apache.wicket/wicket-core
7.0.0 - 8.17.0Maven
Published
Jan 23, 2025
Tracked Since
Feb 18, 2026