Lucene search

[email protected]NVD:CVE-2014-0043

HistoryOct 03, 2017 - 1:29 a.m.

CVE-2014-0043

2017-10-0301:29:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.9%

JSON

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

Affected configurations

Nvd

Node

apachewicketMatch1.5.10

apachewicketMatch6.13.0

VendorProductVersionCPE
apachewicket1.5.10cpe:2.3:a:apache:wicket:1.5.10:*:*:*:*:*:*:*
apachewicket6.13.0cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	wicket	1.5.10	cpe:2.3:a:apache:wicket:1.5.10:::::::*
apache	wicket	6.13.0	cpe:2.3:a:apache:wicket:6.13.0:::::::*

References

lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

26.9%

JSON

Related for NVD:CVE-2014-0043

prion1 openvas1 cvelist1 cve1