CVE-2014-3526 - Vulnerability Details

Vendors	Products
Apache	Wicket

Link	Providers
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-30T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3526", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html", "refsource": "CONFIRM", "url": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:16.801Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3526", "datePublished": "2017-10-30T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.801Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-09-22T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-10-30T13:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2014-3526 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

refsource : CONFIRM (string)

url : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:50:16.801Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2014-3526 (string)

datePublished : 2017-10-30T14:00:00 (string)

dateReserved : 2014-05-14T00:00:00 (string)

dateUpdated : 2024-08-06T10:50:16.801Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DD671FB-9967-4ADA-8152-10DEA64F8BB7", "versionEndExcluding": "1.5.12", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C2287A-F526-44C4-AD1D-0BE7857C1FC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "BC22417A-E4B0-4512-8D96-210782855FFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C594BC43-D6BE-41A8-A307-0166C3DE71A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "8F160D55-152E-4CA4-A506-E91079D94D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF725E92-BAB8-4A0D-925B-AD4F6065E1D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C61C7A6-3233-4710-92B6-46562AF18479", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "330AA15C-8A05-4302-AD8A-54DE6015642F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "18F7EBAA-BE71-43C6-8F28-B23511B88402", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9D513BF-CC50-4F96-8926-55081BF98EDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DCDA2F5-3C16-4093-81BD-EAB43A804419", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECE30441-B145-4860-AD95-DF20AB4D8DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "710697FA-A859-4E66-B3A2-5A03AB21B1D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C5A33E3-166A-41CE-8542-7AEEEC8DB42D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "94072681-D452-4068-813E-191F3306FDEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B821243-5C36-4B54-8180-C88740B2D58F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "83F52DED-EC06-42F9-B851-7E99B0D74851", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "74E55244-D41E-48CB-BF65-67F5FE17A703", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "7EFD25C8-EBEA-40D0-8D38-23770EA010AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "51C6F793-FC42-4189-ACB7-E4CC5BEFA7B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EF63DDD-3909-495D-A7CF-514A19ED04DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7396595-B40E-41CB-AAD8-6777A3FF5938", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:6.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BB87904-83A0-42B6-A3B1-57F8A91847A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "455D1DE8-2794-458C-AEBB-C957701E511D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:7.0.0:milestone1:*:*:*:*:*:*", "matchCriteriaId": "AADF9D31-21F8-45AD-8B85-86244D4529F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:wicket:7.0.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "B6A90E52-0EF7-4C84-814F-9D6EE832C535", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions."}, {"lang": "es", "value": "Apache Wicket en versiones anteriores a la 1.5.12, las versiones 6.x anteriores a la 6.17.0 y las versiones 7.x anteriores a la 7.0.0-M3 podr\u00eda permitir que atacantes remotos obtengan informaci\u00f3n sensible mediante vectores relacionados con identificadores para almacenar etiquetas de p\u00e1gina para sesiones de usuario temporales."}], "id": "CVE-2014-3526", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-30T14:29:00.500", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3DD671FB-9967-4ADA-8152-10DEA64F8BB7 (string)

versionEndExcluding : 1.5.12 (string)

versionStartIncluding : 1.5.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:wicket:6.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E8C2287A-F526-44C4-AD1D-0BE7857C1FC6 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:wicket:6.0.0:beta1:*:*:*:*:*:* (string)

matchCriteriaId : BC22417A-E4B0-4512-8D96-210782855FFF (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:wicket:6.0.0:beta2:*:*:*:*:*:* (string)

matchCriteriaId : C594BC43-D6BE-41A8-A307-0166C3DE71A3 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:wicket:6.0.0:beta3:*:*:*:*:*:* (string)

matchCriteriaId : 8F160D55-152E-4CA4-A506-E91079D94D10 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:wicket:6.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FF725E92-BAB8-4A0D-925B-AD4F6065E1D5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:wicket:6.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C61C7A6-3233-4710-92B6-46562AF18479 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:wicket:6.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 330AA15C-8A05-4302-AD8A-54DE6015642F (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:apache:wicket:6.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 18F7EBAA-BE71-43C6-8F28-B23511B88402 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:apache:wicket:6.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A9D513BF-CC50-4F96-8926-55081BF98EDA (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:apache:wicket:6.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4DCDA2F5-3C16-4093-81BD-EAB43A804419 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:apache:wicket:6.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : ECE30441-B145-4860-AD95-DF20AB4D8DFB (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:apache:wicket:6.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 710697FA-A859-4E66-B3A2-5A03AB21B1D6 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:apache:wicket:6.8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C5A33E3-166A-41CE-8542-7AEEEC8DB42D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:apache:wicket:6.9.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 94072681-D452-4068-813E-191F3306FDEC (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:apache:wicket:6.9.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B821243-5C36-4B54-8180-C88740B2D58F (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:apache:wicket:6.10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 83F52DED-EC06-42F9-B851-7E99B0D74851 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:apache:wicket:6.11.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 74E55244-D41E-48CB-BF65-67F5FE17A703 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:apache:wicket:6.12.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7EFD25C8-EBEA-40D0-8D38-23770EA010AE (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:apache:wicket:6.13.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 51C6F793-FC42-4189-ACB7-E4CC5BEFA7B2 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:apache:wicket:6.14.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EF63DDD-3909-495D-A7CF-514A19ED04DB (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:apache:wicket:6.15.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F7396595-B40E-41CB-AAD8-6777A3FF5938 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:apache:wicket:6.16.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BB87904-83A0-42B6-A3B1-57F8A91847A8 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:apache:wicket:7.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 455D1DE8-2794-458C-AEBB-C957701E511D (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:apache:wicket:7.0.0:milestone1:*:*:*:*:*:* (string)

matchCriteriaId : AADF9D31-21F8-45AD-8B85-86244D4529F7 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:apache:wicket:7.0.0:milestone2:*:*:*:*:*:* (string)

matchCriteriaId : B6A90E52-0EF7-4C84-814F-9D6EE832C535 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. (string)

}

1 : { »

lang : es (string)

value : Apache Wicket en versiones anteriores a la 1.5.12, las versiones 6.x anteriores a la 6.17.0 y las versiones 7.x anteriores a la 7.0.0-M3 podría permitir que atacantes remotos obtengan información sensible mediante vectores relacionados con identificadores para almacenar etiquetas de página para sesiones de usuario temporales. (string)

}

]

id : CVE-2014-3526 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-10-30T14:29:00.500 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object