VYPR
High severity7.5NVD Advisory· Published Sep 15, 2017· Updated Jun 17, 2026

CVE-2014-7808

CVE-2014-7808

Description

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.wicket:wicket-coreMaven
< 1.5.131.5.13
org.apache.wicket:wicket-coreMaven
>= 6.0.0-beta1, < 6.19.06.19.0
org.apache.wicket:wicket-coreMaven
>= 7.0.0-M1, < 7.0.0-M57.0.0-M5

Affected products

7
  • Apache/Wicket6 versions
    cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*range: >=1.5.0,<1.5.13
    • cpe:2.3:a:apache:wicket:7.0.0:milestone1:*:*:*:*:*:*
    • cpe:2.3:a:apache:wicket:7.0.0:milestone2:*:*:*:*:*:*
    • cpe:2.3:a:apache:wicket:7.0.0:milestone3:*:*:*:*:*:*
    • cpe:2.3:a:apache:wicket:7.0.0:milestone4:*:*:*:*:*:*
    • cpe:2.3:a:apache:wicket:7.0.0:milestone5:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.5.13

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.