| I"ã<p>Severity: Important</p> |
| |
| <p>Vendor: |
| The Apache Software Foundation</p> |
| |
| <p>Versions Affected: |
| Apache Wicket 1.5.10 and 6.13.0</p> |
| |
| <p>Description:</p> |
| |
| <p>By issuing requests to special urls handled by Wicket it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.</p> |
| |
| <p>The application developers are recommended to upgrade to:</p> |
| <ul> |
| <li><a href="/news/2014/02/06/wicket-1.5.11-released.html">Apache Wicket 1.5.11</a></li> |
| <li><a href="/news/2014/02/20/wicket-6.14.0-released.html">Apache Wicket 6.14.0</a></li> |
| </ul> |
| |
| <p>Credit: |
| This issue was reported by Christian Schneider!</p> |
| |
| <p>Apache Wicket Team</p> |
| :ET |