Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-23937

A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. This DNS lookup can be engineered to overload an internal DNS server or to slow down request processing of the Apache Wicket application causing a possible denial of service on either the internal infrastructure or the web application itself. This issue affects Apache Wicket Apache Wicket 9.x version 9.2.0 and prior versions; Apache Wicket 8.x version 8.11.0 and prior versions; Apache Wicket 7.x version 7.17.0 and prior versions and Apache Wicket 6.x version 6.2.0 and later versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-23937
  • Apache » Wicket » Version: 6.0.0
    cpe:2.3:a:apache:wicket:6.0.0
  • Apache » Wicket » Version: 6.0.0-beta1
    cpe:2.3:a:apache:wicket:6.0.0-beta1
  • Apache » Wicket » Version: 6.0.0-beta2
    cpe:2.3:a:apache:wicket:6.0.0-beta2
  • Apache » Wicket » Version: 6.0.0-beta3
    cpe:2.3:a:apache:wicket:6.0.0-beta3
  • Apache » Wicket » Version: 6.1.0
    cpe:2.3:a:apache:wicket:6.1.0
  • Apache » Wicket » Version: 6.1.1
    cpe:2.3:a:apache:wicket:6.1.1
  • Apache » Wicket » Version: 6.2.0
    cpe:2.3:a:apache:wicket:6.2.0
  • Apache » Wicket » Version: 7.0.0
    cpe:2.3:a:apache:wicket:7.0.0
  • Apache » Wicket » Version: 7.1.0
    cpe:2.3:a:apache:wicket:7.1.0
  • Apache » Wicket » Version: 7.10.0
    cpe:2.3:a:apache:wicket:7.10.0
  • Apache » Wicket » Version: 7.11.0
    cpe:2.3:a:apache:wicket:7.11.0
  • Apache » Wicket » Version: 7.12.0
    cpe:2.3:a:apache:wicket:7.12.0
  • Apache » Wicket » Version: 7.13.0
    cpe:2.3:a:apache:wicket:7.13.0
  • Apache » Wicket » Version: 7.14.0
    cpe:2.3:a:apache:wicket:7.14.0
  • Apache » Wicket » Version: 7.16.0
    cpe:2.3:a:apache:wicket:7.16.0
  • Apache » Wicket » Version: 7.17.0
    cpe:2.3:a:apache:wicket:7.17.0
  • Apache » Wicket » Version: 7.2.0
    cpe:2.3:a:apache:wicket:7.2.0
  • Apache » Wicket » Version: 7.3.0
    cpe:2.3:a:apache:wicket:7.3.0
  • Apache » Wicket » Version: 7.4.0
    cpe:2.3:a:apache:wicket:7.4.0
  • Apache » Wicket » Version: 7.5.0
    cpe:2.3:a:apache:wicket:7.5.0
  • Apache » Wicket » Version: 7.6.0
    cpe:2.3:a:apache:wicket:7.6.0
  • Apache » Wicket » Version: 7.7.0
    cpe:2.3:a:apache:wicket:7.7.0
  • Apache » Wicket » Version: 7.8.0
    cpe:2.3:a:apache:wicket:7.8.0
  • Apache » Wicket » Version: 7.9.0
    cpe:2.3:a:apache:wicket:7.9.0
  • Apache » Wicket » Version: 8.0.0
    cpe:2.3:a:apache:wicket:8.0.0
  • Apache » Wicket » Version: 8.1.0
    cpe:2.3:a:apache:wicket:8.1.0
  • Apache » Wicket » Version: 8.10.0
    cpe:2.3:a:apache:wicket:8.10.0
  • Apache » Wicket » Version: 8.11.0
    cpe:2.3:a:apache:wicket:8.11.0
  • Apache » Wicket » Version: 8.2.0
    cpe:2.3:a:apache:wicket:8.2.0
  • Apache » Wicket » Version: 8.3.0
    cpe:2.3:a:apache:wicket:8.3.0
  • Apache » Wicket » Version: 8.4.0
    cpe:2.3:a:apache:wicket:8.4.0
  • Apache » Wicket » Version: 8.5.0
    cpe:2.3:a:apache:wicket:8.5.0
  • Apache » Wicket » Version: 8.6.0
    cpe:2.3:a:apache:wicket:8.6.0
  • Apache » Wicket » Version: 8.6.1
    cpe:2.3:a:apache:wicket:8.6.1
  • Apache » Wicket » Version: 8.7.0
    cpe:2.3:a:apache:wicket:8.7.0
  • Apache » Wicket » Version: 8.8.0
    cpe:2.3:a:apache:wicket:8.8.0
  • Apache » Wicket » Version: 8.9.0
    cpe:2.3:a:apache:wicket:8.9.0
  • Apache » Wicket » Version: 9.0.0
    cpe:2.3:a:apache:wicket:9.0.0
  • Apache » Wicket » Version: 9.1.0
    cpe:2.3:a:apache:wicket:9.1.0
  • Apache » Wicket » Version: 9.2.0
    cpe:2.3:a:apache:wicket:9.2.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved