PT-2017-9014 · Apache · Apache Wicket

Jacob Baines

Published

2017-07-14

Updated

2019-05-06

CVE-2016-6793

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 6.x before 6.25.0 Apache Wicket versions 1.5.x before 1.5.17

Description The issue allows remote attackers to cause a denial of service, write to, move, and delete files with certain permissions. In specific environments, it may also allow the execution of arbitrary code via a crafted serialized Java object.

Recommendations For Apache Wicket versions 6.x before 6.25.0, update to version 6.25.0 or later. For Apache Wicket versions 1.5.x before 1.5.17, update to version 1.5.17 or later.

Fix

DoS

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2016-6793

Affected Products

Apache Wicket

PT-2017-9014 · Apache · Apache Wicket

CVE-2016-6793

Weakness Enumeration

Related Identifiers

Affected Products

References · 9