Cookie Sharing Vulnerability in hawtio Servlet by Red Hat
CVE-2017-2589

8.7HIGH

Key Information:

Vendor: Red Hat
Status: Hawtio
Vendor: CVE Published:; 26 July 2018

Summary

A vulnerability has been identified in the hawtio Servlet 1.4, which allows a persistent cookie store to be shared among all clients utilizing the same proxy. This design flaw implies that all clients relying on this proxy could unwittingly share sensitive session cookies, potentially exposing them to unauthorized access and session hijacking attacks. Consequently, organizations leveraging hawtio Servlet should review their deployment configurations and apply best practices to mitigate the associated risks.

Affected Version(s)

hawtio 1.4

References

https://access.redhat.com/errata/RHSA-2017:1832

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

x_refsource_CONFIRM

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Dec 1, 2016