CVE-2013-2055
First published: Mon Feb 10 2014(Updated: )
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Wicket | =1.4.0 | |
| Apache Wicket | =1.4.1 | |
| Apache Wicket | =1.4.10 | |
| Apache Wicket | =1.4.11 | |
| Apache Wicket | =1.4.12 | |
| Apache Wicket | =1.4.13 | |
| Apache Wicket | =1.4.14 | |
| Apache Wicket | =1.4.15 | |
| Apache Wicket | =1.4.16 | |
| Apache Wicket | =1.4.17 | |
| Apache Wicket | =1.4.18 | |
| Apache Wicket | =1.4.19 | |
| Apache Wicket | =1.4.20 | |
| Apache Wicket | =1.4.21 | |
| Apache Wicket | =1.4.22 | |
| Apache Wicket | =1.5.0 | |
| Apache Wicket | =1.5.1 | |
| Apache Wicket | =1.5.2 | |
| Apache Wicket | =1.5.3 | |
| Apache Wicket | =1.5.4 | |
| Apache Wicket | =1.5.5 | |
| Apache Wicket | =1.5.6 | |
| Apache Wicket | =1.5.7 | |
| Apache Wicket | =1.5.8 | |
| Apache Wicket | =1.5.9 | |
| Apache Wicket | =1.5.10 | |
| Apache Wicket | =6.1.0 | |
| Apache Wicket | =6.1.1 | |
| Apache Wicket | =6.2.0 | |
| Apache Wicket | =6.3.0 | |
| Apache Wicket | =6.4.0 | |
| Apache Wicket | =6.5.0 | |
| Apache Wicket | =6.6.0 | |
| Apache Wicket | =6.7.0 | |
| Apache Wicket | =6.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-2055?
CVE-2013-2055 has a medium severity rating due to its potential to expose sensitive information.
How do I fix CVE-2013-2055?
To fix CVE-2013-2055, update Apache Wicket to the latest version that is not affected, specifically 1.4.23 or later, 1.5.11 or later, or 6.8.0 or later.
What products are affected by CVE-2013-2055?
CVE-2013-2055 affects Apache Wicket versions 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0.
Can CVE-2013-2055 lead to information disclosure?
Yes, CVE-2013-2055 can lead to information disclosure by allowing remote attackers to read sensitive information.
Who should be concerned about CVE-2013-2055?
Developers and administrators using affected versions of Apache Wicket should be concerned about CVE-2013-2055.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/apache
- canonical/apache wicket
- version/apache wicket/1.4.0
- version/apache wicket/1.4.1
- version/apache wicket/1.4.10
- version/apache wicket/1.4.11
- version/apache wicket/1.4.12
- version/apache wicket/1.4.13
- version/apache wicket/1.4.14
- version/apache wicket/1.4.15
- version/apache wicket/1.4.16
- version/apache wicket/1.4.17
- version/apache wicket/1.4.18
- version/apache wicket/1.4.19
- version/apache wicket/1.4.20
- version/apache wicket/1.4.21
- version/apache wicket/1.4.22
- version/apache wicket/1.5.0
- version/apache wicket/1.5.1
- version/apache wicket/1.5.2
- version/apache wicket/1.5.3
- version/apache wicket/1.5.4
- version/apache wicket/1.5.5
- version/apache wicket/1.5.6
- version/apache wicket/1.5.7
- version/apache wicket/1.5.8
- version/apache wicket/1.5.9
- version/apache wicket/1.5.10
- version/apache wicket/6.1.0
- version/apache wicket/6.1.1
- version/apache wicket/6.2.0
- version/apache wicket/6.3.0
- version/apache wicket/6.4.0
- version/apache wicket/6.5.0
- version/apache wicket/6.6.0
- version/apache wicket/6.7.0
- version/apache wicket/6.8.0