CVE-2016-6806 in Wicketinformazioni

Riassunto

di MITRE

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

12/08/2016

Divulgazione

02/10/2017

Moderazione

accettato

Voce

VDB-107333

CPE

pronto

CWE

CWE-352 (confermato)

CVSS

8.8 (NVD)

EPSS

0.00822

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6806
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6806
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6806/

◂ Precedente Visione D'ensemble Il prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!