cpe:/a:apache:wicket:1.4.0 cpe:/a:apache:wicket:1.4.1 cpe:/a:apache:wicket:1.4.2 cpe:/a:apache:wicket:1.4.3 cpe:/a:apache:wicket:1.4.4 cpe:/a:apache:wicket:1.4.5 cpe:/a:apache:wicket:1.4.6 cpe:/a:apache:wicket:1.4.7 cpe:/a:apache:wicket:1.4.8 cpe:/a:apache:wicket:1.4.9 cpe:/a:apache:wicket:1.4.10 cpe:/a:apache:wicket:1.4.11 cpe:/a:apache:wicket:1.4.12 cpe:/a:apache:wicket:1.4.13 cpe:/a:apache:wicket:1.4.14 cpe:/a:apache:wicket:1.4.15 cpe:/a:apache:wicket:1.4.16 cpe:/a:apache:wicket:1.4.17 cpe:/a:apache:wicket:1.4.18 cpe:/a:apache:wicket:1.4.19 cpe:/a:apache:wicket:1.5.0 cpe:/a:apache:wicket:1.5.1 cpe:/a:apache:wicket:1.5.2 cpe:/a:apache:wicket:1.5.3 cpe:/a:apache:wicket:1.5.4 CVE-2012-1089 2012-03-23T14:55:01.177-04:00 2017-12-12T21:29:02.547-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2012-03-26T09:21:00.000-04:00 BID 52679 OSVDB 80301 XF apache-wicket-dir-traversal(74276) CONFIRM http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.