Vulnerability Details : CVE-2013-2055
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.
Exploit prediction scoring system (EPSS) score for CVE-2013-2055
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-2055
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2013-2055
-
http://www.securityfocus.com/bid/65431
Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
-
https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html
404 Not FoundVendor Advisory
-
https://wicket.apache.org/2014/02/06/cve-2013-2055.html
404 Not FoundVendor Advisory
-
http://seclists.org/fulldisclosure/2014/Feb/38
Full Disclosure: [CVE-2013-2055] Apache Wicket information disclosure vulnerability
Products affected by CVE-2013-2055
- cpe:2.3:a:apache:wicket:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:1.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*