CVE-2014-7808
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
Apache Wicket insecure defaults
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.wicket:wicket-core | <1.5.13 | 1.5.13 |
| Maven | org.apache.wicket:wicket-core | >=6.0.0-beta1,<6.19.0 | 6.19.0 |
| Maven | org.apache.wicket:wicket-core | >=7.0.0-M1,<7.0.0-M5 | 7.0.0-M5 |
References
- http://mail-archives.apache.org/mod_mbox/wicket-users/201502.mbox/%3CCAMomwMpLPDYezc=iFofm1R1Uq37vUFJ8VC-_ex5SU8-HAKBoRw%40mail.gmail.com%3E
- https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-2014.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-7808
- https://github.com/apache/wicket/commit/d2b8848346b8f806e747dca18799d70c37fc893f
- https://github.com/apache/wicket
- https://lists.apache.org/thread/rqy6lpo5mzco85cbf65r53vdh87gz77b
- https://web.archive.org/web/20180830051017/https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-2014.html
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.