CVE-2014-0043 - Apache Wicket Information disclosure vulnerability

21 Feb 2014

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.5.10 and 6.13.0

Description:

By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

The application developers are recommended to upgrade to:

Credit: This issue was reported by Christian Schneider!

Apache Wicket Team