Home > Vulnerability Database > CVE-2014-7808

Mend.io Vulnerability Database

CVE-2014-7808

Good to know:

Date: September 15, 2017

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

Language: Java

Severity Score

7.5

Related Resources (4)

Url: https://www.smrrd.de/cve-2014-7808-apache-wicket-csrf-2014.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-7808

Url: http://mail-archives.apache.org/mod_mbox/wicket-users/201502.mbox/%3CCAMomwMpLPDYezc=iFofm1R1Uq37vUFJ8VC-_ex5SU8-HAKBoRw%40mail.gmail.com%3E

Url: https://www.mend.io/vulnerability-database/CVE-2014-7808

Severity Score

7.5

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Top Fix

Upgrade Version

Upgrade to version 1.5.13,6.19.0,7.0.0-M5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-7808

Good to know:

Date: September 15, 2017

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?