CVE-2014-0043
Apache Wicket allows attackers to check for third-party libraries
5.3 MEDIUM (CVSS 3.1)
EPSS 0.79%
Description
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third-party library with a known security vulnerability is in use.
How to fix CVE-2014-0043
To remediate CVE-2014-0043, upgrade the affected package to a fixed version listed below.
- Upgrade to 1.5.11 or later
Is CVE-2014-0043 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.5-RC1, < 1.5.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |