CVE-2016-6793

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*

Information

Published : 2017-07-17 06:18

Updated : 2019-05-06 12:15


NVD link : CVE-2016-6793

Mitre link : CVE-2016-6793


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

apache

  • wicket