Path Traversal in Apache Wicket
CVE-2012-1089
Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.015 (81.7th percentile) — read the EPSS interpretation.
Affected products
- Apache Wicket — versions 1.4.0, 1.4.1, 1.4.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 80301 (x_refsource_OSVDB, vdb-entry)
- 52679 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- apache-wicket-dir-traversal(74276) (vdb-entry, x_refsource_XF)