Apache · Apache Wicket · CVE-2014-3526
Name of the Vulnerable Software and Affected Versions:
Apache Wicket versions prior to 1.5.12
Apache Wicket versions 6.x prior to 6.17.0
Apache Wicket versions 7.x prior to 7.0.0-M3
Description:
The issue might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Recommendations:
For Apache Wicket versions prior to 1.5.12, update to version 1.5.12 or later.
For Apache Wicket versions 6.x prior to 6.17.0, update to version 6.17.0 or later.
For Apache Wicket versions 7.x prior to 7.0.0-M3, update to version 7.0.0-M3 or later.