High severity7.5NVD Advisory· Published Oct 30, 2017· Updated May 13, 2026
CVE-2014-3526
CVE-2014-3526
Description
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.wicket:wicket-coreMaven | < 1.5.12 | 1.5.12 |
org.apache.wicket:wicket-coreMaven | >= 6.0, < 6.17.0 | 6.17.0 |
org.apache.wicket:wicket-coreMaven | >= 7.0.0-M1, < 7.0.0-M3 | 7.0.0-M3 |
Affected products
26cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*range: >=1.5.0,<1.5.12
- cpe:2.3:a:apache:wicket:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:6.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:7.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:apache:wicket:7.0.0:milestone2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-q7wx-mhx4-jr8qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3526ghsaADVISORY
- wicket.apache.org/news/2014/09/22/cve-2014-3526.htmlnvdIssue TrackingThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.