What is CVE-2014-0043?

CVE-2014-0043 is a medium-severity vulnerability in Apache Wicket, classified under Information Disclosure. CVSS score: 5.3/10. Published 2017-10-03.

How severe is CVE-2014-0043?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2014-0043 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Apache Wicket

CVE-2014-0043

In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security v…

Vulnerability class: Information Disclosure

EPSS: 0.008 (74.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Apache Wicket — versions 1.5.10, 6.13.0
Apache Software Foundation Wicket — versions 6.13.0, 1.5.10

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

JJK96/JavaClasspathEnum

References

security@apache.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-0043?: CVE-2014-0043 is a medium-severity vulnerability in Apache Wicket, classified under Information Disclosure. CVSS score: 5.3/10. Published 2017-10-03.
How severe is CVE-2014-0043?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2014-0043 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.