HomePentest-Tools.com Logo

Apache Wicket 7.16.0, 8.8.0, 9.0.0-M5 Information Disclosure Vulnerability CVE-2020-11976

Severity
CVSSv3 Score
7.5
Vulnerability description

Apache Wicket is prone to an information disclosure vulnerability.

Risk description

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. For example if there are credentials in the markup which are never supposed to be visible to the client.

Recommendation

Update to version 7.17.0, 8.9.0, 9.0.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 11, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available