Description
Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
Remediation
References
http://osvdb.org/80301
http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html
http://www.securityfocus.com/bid/52679
https://exchange.xforce.ibmcloud.com/vulnerabilities/74276
Related Vulnerabilities
CVE-2020-1757 Vulnerability in maven package io.undertow:undertow-servlet
CVE-2014-3464 Vulnerability in maven package org.wildfly:wildfly-ejb3
CVE-2023-32995 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2016-9879 Vulnerability in maven package org.springframework.security:spring-security-web
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest