Description
In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.
Remediation
References
https://lists.apache.org/thread.html/d95e962f2f059a09f5abf7086c3f4ed22d2ae2c21499d0de95d4435d%401392986987%40%3Cannounce.wicket.apache.org%3E
Related Vulnerabilities
CVE-2017-16068 Vulnerability in npm package ffmepg
CVE-2017-3154 Vulnerability in maven package org.apache.atlas:apache-atlas
CVE-2017-16205 Vulnerability in npm package coffescript
CVE-2020-28482 Vulnerability in npm package fastify-csrf
CVE-2014-2064 Vulnerability in maven package org.jenkins-ci.main:jenkins-core