CVE-2014-0043 - Apache Wicket Information disclosure vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.5.10 and 6.13.0

Description:

By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

The application developers are recommended to upgrade to: - Apache Wicket 1.5.11 - Apache Wicket 6.14.0

Credit: This issue was reported by Christian Schneider!

Apache Wicket Team