
Test ID: 1.3.6.1.4.1.25623.1.0.107117
Category: Denial of Service
Title: Apache Wicket DoS Vulnerability (Dec 2016)
Summary: Apache Wicket is prone to a denial of service (DoS) vulnerability.
Description:

Vulnerability Insight:
Depending on the ISerializer set in the Wicket application,
it's possible that a Wicket object deserialized from an untrusted source and utilized by the
application causes the code to enter an infinite loop.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause
the application to enter an infinite loop and consume excessive CPU resources, resulting in
denial-of-service conditions.

Affected Software/OS:
Apache Wicket versions 1.5.x through 1.5.16 and 6.x through
6.24.0.

Solution:
Update to version 1.5.17, 6.25.0 or later.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-6793
BugTraq ID: 95168
http://www.securityfocus.com/bid/95168
Bugtraq: 20161231 Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability
http://www.securityfocus.com/archive/1/539975/100/0/threaded
https://www.tenable.com/security/research/tra-2016-23
http://www.openwall.com/lists/oss-security/2016/12/31/1
http://www.securitytracker.com/id/1037541
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.