Thanks for support!

On Aug 5, 2016 16:23, "Martin Grigorov" <[email protected]> wrote:
> Severity: Important
>
> Vendor:
> The Apache Software Foundation
>
> Versions Affected:
> Apache Wicket 1.5.x, 6.x and 7.x
>
> Descriptions:
>
> CVE-2016-3092: A malicious client can send file upload requests that cause
> the HTTP server using the Apache Commons Fileupload library to become
> unresponsive, preventing the server from servicing other requests.
> This flaw is not exploitable beyond causing the code to loop expending
> CPU resources.
>
> CVE-2013-2186:
> The DiskFileItem class in Apache Commons FileUpload allows remote attackers
> to write to arbitrary files via a NULL byte in a file name in a serialized
> instance.
>
> The application developers are recommended to upgrade to Apache Wicket
> 1.5.16, 6.24.0, 7.4.0
>
> Since version 7.0.0 Apache Wicket does not embed Apache Commons FileUpload
> but uses it as a Maven dependency so an application can just update the
> dependency to version 1.3.2.
>
> Apache Wicket Team
