CVE-2014-7808
high
CVSS v3
7.5
CVSS v4 NEW
โ
VIR risk
7.5
Description
Apache Wicket insecure defaults
Predictions
Exploit likelihood
83%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.wicket:wicket-core | <1.5.13 | 1.5.13 |
| Maven | org.apache.wicket:wicket-core | >=6.0.0-beta1,<6.19.0 | 6.19.0 |
| Maven | org.apache.wicket:wicket-core | >=7.0.0-M1,<7.0.0-M5 | 7.0.0-M5 |
References
- http://mail-archives.apache.org/mod_mbox/wicket-users/201502.mbox/%3CCAMomwMpLPDYezc=iFofm1R1Uq37vUFJ8VC-_ex5SU8-HAKBoRw%40mail.gmail.com%3E
- https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-2014.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-7808
- https://github.com/apache/wicket/commit/d2b8848346b8f806e747dca18799d70c37fc893f
- https://github.com/apache/wicket
- https://lists.apache.org/thread/rqy6lpo5mzco85cbf65r53vdh87gz77b
- https://web.archive.org/web/20180830051017/https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-2014.html
CWEs
CWE-310
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.