Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
References
Link | Resource |
---|---|
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html | Issue Tracking Third Party Advisory |
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html - Issue Tracking, Third Party Advisory |
Information
Published : 2017-10-30 14:29
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3526
Mitre link : CVE-2014-3526
CVE.ORG link : CVE-2014-3526
JSON object : View
Products Affected
apache
- wicket
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor