Apache Wicket Hidden Files Information Disclosure Vulnerability
BID:52679
Info
Apache Wicket Hidden Files Information Disclosure Vulnerability
| Bugtraq ID: | 52679 |
| Class: | Design Error |
| CVE: |
CVE-2012-1089 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2012 12:00AM |
| Updated: | Mar 22 2012 12:00AM |
| Credit: | Sebastian van Erk |
| Vulnerable: |
Apache Software Foundation Apache Wicket 1.5-RC5.1 Apache Software Foundation Apache Wicket 1.4.18 Apache Software Foundation Apache Wicket 1.4.17 Apache Software Foundation Apache Wicket 1.4.16 |
| Not Vulnerable: |
Apache Software Foundation Apache Wicket 1.5.5 Apache Software Foundation Apache Wicket 1.4.20 |
Discussion
Apache Wicket Hidden Files Information Disclosure Vulnerability
Apache Wicket is prone to an information-disclosure vulnerability.
Successful exploits can allow attackers to obtain potentially sensitive information which may aid in other attacks.
Apache Wicket versions prior to 1.4.20 and 1.5.5 are vulnerable.
Apache Wicket is prone to an information-disclosure vulnerability.
Successful exploits can allow attackers to obtain potentially sensitive information which may aid in other attacks.
Apache Wicket versions prior to 1.4.20 and 1.5.5 are vulnerable.
Exploit / POC
Apache Wicket Hidden Files Information Disclosure Vulnerability
An attacker can exploit this issue through a browser.
An attacker can exploit this issue through a browser.
Solution / Fix
Apache Wicket Hidden Files Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Apache Wicket Hidden Files Information Disclosure Vulnerability
References:
References:
- Apache Wicket Homepage (Apache Software Foundation )
- CVE-2012-1089 - Apache Wicket serving of hidden files vulnerability (Apache Software Foundation)