PT-2017-6111 · Apache · Apache Wicket

Publicado

2017-09-15

Atualizado

2022-05-13

CVE-2014-7808

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Wicket versions prior to 1.5.13 Apache Wicket versions 6.x prior to 6.19.0 Apache Wicket versions 7.x prior to 7.0.0-M5

Description: The issue makes it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging the use of CryptoMapper as the default encryption provider.

Recommendations: For Apache Wicket versions prior to 1.5.13, update to version 1.5.13 or later. For Apache Wicket versions 6.x prior to 6.19.0, update to version 6.19.0 or later. For Apache Wicket versions 7.x prior to 7.0.0-M5, update to version 7.0.0-M5 or later.

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326CWE-310

Identificadores relacionados

CVE-2014-7808

GHSA-VFMM-JM4V-7FRQ

Produtos afetados

Apache Wicket

PT-2017-6111 · Apache · Apache Wicket

CVE-2014-7808

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8