Google Git
Sign in
apache / wicket-site / 792b705898caf6ebbb57d9c56f136ea1bdce2074 / . / content / news / 2016 / 12 / 31 / cve-2016-6793.html
blob: a1f9b06a67a16dfe8b3750ae191b11c22fa8fe7d [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta charset="utf-8">
<title>CVE-2016-6793 Apache Wicket deserialization vulnerability | Apache Wicket</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="shortcut icon" href="/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" />
<script src="//code.jquery.com/jquery-1.11.3.min.js"></script>
</head>
<body class="">
<div class="header default">
<div class="l-container">
<nav class="mainmenu">
<ul>
<!-- /start/quickstart.html || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/start/quickstart.html">Quick Start</a></li>
<!-- /start/download.html || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/start/download.html">Download</a></li>
<!-- /learn || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/learn">Documentation</a></li>
<!-- /help || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/help">Support</a></li>
<!-- /contribute || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/contribute">Contribute</a></li>
<!-- /community || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/community">Community</a></li>
<!-- /apache || /news/2016/12/31/cve-2016-6793.html -->
<li class=""><a href="/apache">Apache</a></li>
</ul>
</nav>
<div class="logo">
<a href="/"><img src="/img/logo-apachewicket.svg" alt="Apache Wicket"></a>
</div>
</div>
</div>
<main>
<div class="l-container">
<header class="l-full preamble">
<h1>CVE-2016-6793 Apache Wicket deserialization vulnerability</h1>
</header>
<section class="toc left">
</section>
<section>
<div class="l-full">
<p class="meta">31 Dec 2016</p>
<p><em>Severity</em>: Low</p>
<p><em>Vendor</em>: The Apache Software Foundation</p>
<p><em>Versions Affected</em>: Apache Wicket 6.x and 1.5.x</p>
<p><em>Description</em>: Depending on the ISerializer set in the Wicket application,
it’s possible that a Wicket’s object deserialized from an untrusted source
and utilized by the application to causes the code to enter in an infinite
loop. Specifically, Wicket’s DiskFileItem class, serialized by Kryo, allows
an attacker to hack its serialized form to put a client on an infinite loop
if the client attempts to write on the DeferredFileOutputStream attribute.</p>
<p><em>Mitigation</em>: Upgrade to Apache Wicket 6.25.0 or 1.5.17</p>
<p><em>Credit</em>: This issue was discovered
by Jacob Baines, Tenable Network Security and Pedro Santos</p>
<p>References: https://wicket.apache.org/news</p>
</div>
</section>
</div>
</main>
<footer>
<div class="l-container">
<div class="left">
<img src="/img/asf_logo_url.svg" style="height:90px; float:left; margin-right:10px;">
<div style="margin-top:12px;">Copyright © 2020 — The Apache Software Foundation. Apache Wicket, Wicket, Apache, the Apache feather logo, and the Apache Wicket project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</div>
</div>
</div>
</footer>
</body>
</html>