CVE-2014-3526

Published Oct 30, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DD671FB-9967-4ADA-8152-10DEA64F8BB7",
            "versionEndExcluding": "1.5.12",
            "versionStartIncluding": "1.5.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8C2287A-F526-44C4-AD1D-0BE7857C1FC6"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC22417A-E4B0-4512-8D96-210782855FFF"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C594BC43-D6BE-41A8-A307-0166C3DE71A3"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F160D55-152E-4CA4-A506-E91079D94D10"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF725E92-BAB8-4A0D-925B-AD4F6065E1D5"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C61C7A6-3233-4710-92B6-46562AF18479"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "330AA15C-8A05-4302-AD8A-54DE6015642F"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18F7EBAA-BE71-43C6-8F28-B23511B88402"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9D513BF-CC50-4F96-8926-55081BF98EDA"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DCDA2F5-3C16-4093-81BD-EAB43A804419"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECE30441-B145-4860-AD95-DF20AB4D8DFB"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "710697FA-A859-4E66-B3A2-5A03AB21B1D6"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C5A33E3-166A-41CE-8542-7AEEEC8DB42D"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94072681-D452-4068-813E-191F3306FDEC"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B821243-5C36-4B54-8180-C88740B2D58F"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83F52DED-EC06-42F9-B851-7E99B0D74851"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74E55244-D41E-48CB-BF65-67F5FE17A703"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EFD25C8-EBEA-40D0-8D38-23770EA010AE"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C6F793-FC42-4189-ACB7-E4CC5BEFA7B2"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EF63DDD-3909-495D-A7CF-514A19ED04DB"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7396595-B40E-41CB-AAD8-6777A3FF5938"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:6.16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BB87904-83A0-42B6-A3B1-57F8A91847A8"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:7.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "455D1DE8-2794-458C-AEBB-C957701E511D"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:7.0.0:milestone1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AADF9D31-21F8-45AD-8B85-86244D4529F7"
          },
          {
            "criteria": "cpe:2.3:a:apache:wicket:7.0.0:milestone2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6A90E52-0EF7-4C84-814F-9D6EE832C535"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References