CVE-2024-53299

Published: Jan 23, 2025Modified: Jun 27, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

Affected (4)

Products: Apache: Wicket

Apache

1 product

Wicket

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apache Wicket	From 10.0.0 to 10.3.0
Apache Wicket	From 7.0.0 to 7.18.0
Apache Wicket	From 8.0.0 to 8.16.0
Apache Wicket	From 9.0.0 to 9.19.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2025/01/22/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.