Hawt Hawtio 1.4.0

CPE Details

Hawt Hawtio 1.4.0
hawt
hawtio
1.4.0
2018-06-12
12h43 +00:00
2018-06-12
12h43 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:hawt:hawtio:1.4.0:*:*:*:*:*:*:*

Informations

Vendor

hawt

Product

hawtio

Version

1.4.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-9827 2019-07-03 18h13 +00:00 Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
9.8
Critique
CVE-2017-2589 2018-07-26 13h00 +00:00 It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
9
Critique
CVE-2017-2594 2018-05-08 15h00 +00:00 hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
7.5
Haute