What is the severity of CVE-2014-3526?

CVE-2014-3526 is classified as a medium severity vulnerability.

How do I fix CVE-2014-3526?

To fix CVE-2014-3526, upgrade to Apache Wicket versions 1.5.12, 6.17.0, or 7.0.0-M3 or later.

What kind of information can be leaked by CVE-2014-3526?

CVE-2014-3526 may allow remote attackers to obtain sensitive information related to user session page markup.

Which versions of Apache Wicket are affected by CVE-2014-3526?

CVE-2014-3526 affects Apache Wicket versions prior to 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3.

Is there a risk of exploitation for CVE-2014-3526?

Yes, CVE-2014-3526 poses a risk as it could potentially allow an attacker to exploit session data.

Vulnerability/
CVE-2014-3526

high

7.5

CWE

200

30/10/2017

13/5/2022

6/8/2024

CVE-2014-3526: Infoleak

First published: Mon Oct 30 2017(Updated: )

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.apache.wicket:wicket-core	>=7.0.0-M1<7.0.0-M3	7.0.0-M3
maven/org.apache.wicket:wicket-core	>=6.0<6.17.0	6.17.0
maven/org.apache.wicket:wicket-core	<1.5.12	1.5.12
Apache Wicket	>=1.5.0<1.5.12
Apache Wicket	=6.0.0
Apache Wicket	=6.0.0-beta1
Apache Wicket	=6.0.0-beta2
Apache Wicket	=6.0.0-beta3
Apache Wicket	=6.1.0
Apache Wicket	=6.1.1
Apache Wicket	=6.2.0
Apache Wicket	=6.3.0
Apache Wicket	=6.4.0
Apache Wicket	=6.5.0
Apache Wicket	=6.6.0
Apache Wicket	=6.7.0
Apache Wicket	=6.8.0
Apache Wicket	=6.9.0
Apache Wicket	=6.9.1
Apache Wicket	=6.10.0
Apache Wicket	=6.11.0
Apache Wicket	=6.12.0
Apache Wicket	=6.13.0
Apache Wicket	=6.14.0
Apache Wicket	=6.15.0
Apache Wicket	=6.16.0
Apache Wicket	=7.0.0
Apache Wicket	=7.0.0-milestone1
Apache Wicket	=7.0.0-milestone2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3526?
CVE-2014-3526 is classified as a medium severity vulnerability.
How do I fix CVE-2014-3526?
To fix CVE-2014-3526, upgrade to Apache Wicket versions 1.5.12, 6.17.0, or 7.0.0-M3 or later.
What kind of information can be leaked by CVE-2014-3526?
CVE-2014-3526 may allow remote attackers to obtain sensitive information related to user session page markup.
Which versions of Apache Wicket are affected by CVE-2014-3526?
CVE-2014-3526 affects Apache Wicket versions prior to 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3.
Is there a risk of exploitation for CVE-2014-3526?
Yes, CVE-2014-3526 poses a risk as it could potentially allow an attacker to exploit session data.

collector/github-advisory-latest
alias/GHSA-q7wx-mhx4-jr8q
alias/CVE-2014-3526
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/references
agent/description
agent/event
agent/first-publish-date
agent/trending
agent/tags
agent/source
package-manager/maven
vendor/apache
canonical/apache wicket
version/apache wicket/1.5.0
version/apache wicket/6.0.0
version/apache wicket/6.0.0-beta1
version/apache wicket/6.0.0-beta2
version/apache wicket/6.0.0-beta3
version/apache wicket/6.1.0
version/apache wicket/6.1.1
version/apache wicket/6.2.0
version/apache wicket/6.3.0
version/apache wicket/6.4.0
version/apache wicket/6.5.0
version/apache wicket/6.6.0
version/apache wicket/6.7.0
version/apache wicket/6.8.0
version/apache wicket/6.9.0
version/apache wicket/6.9.1
version/apache wicket/6.10.0
version/apache wicket/6.11.0
version/apache wicket/6.12.0
version/apache wicket/6.13.0
version/apache wicket/6.14.0
version/apache wicket/6.15.0
version/apache wicket/6.16.0
version/apache wicket/7.0.0
version/apache wicket/7.0.0-milestone1
version/apache wicket/7.0.0-milestone2