1. CVE-Search
  2. CVE-2013-2055
ID CVE-2013-2055
Summary Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:wicket:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.4.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.4.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:1.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:1.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-02-2014 - 20:14)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 65431
confirm
fulldisc 20140206 [CVE-2013-2055] Apache Wicket information disclosure vulnerability
osvdb 102955
Last major update 11-02-2014 - 20:14
Published 10-02-2014 - 23:55
Last modified 11-02-2014 - 20:14
Back to Top