
Apache Wicket CSRF Detection Vulnerability CVE-2016-6806

Severity
CVSSv3 Score: 8.8
Vulnerability description

Apache Wicket is prone to a vulnerability affecting the cross-site request forgery (CSRF) detection.

Risk description

Affected versions of Apache Wicket provide a CSRF prevention measure that fails to discover some cross-origin requests.

Recommendation

6.x users should upgrade to 6.25.0, 7.x users should upgrade to 7.5.0 and 8.0.0-M1 users should upgrade to 8.0.0-M2.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Oct 3, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available