CVE-2017-2589

8.7HIGH

Key Information:

Vendor: Red Hat
Status: Hawtio
Vendor: CVE Published:; 26 July 2018

Summary

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Affected Version(s)

hawtio 1.4

References

https://access.redhat.com/errata/RHSA-2017:1832

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

x_refsource_CONFIRM

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Dec 1, 2016