PT-2018-7119 · Hawtio · Hawtio Servlet
Adam Mariš · Published 2018-07-26 · Updated 2022-05-13 · CVE-2017-2589
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
hawtio servlet version 1.4
Description:
An issue was found where the hawtio servlet uses a single HttpClient instance to proxy requests, so all clients share the same cookies through its persistent cookie store. Cookies are stored locally in the proxy and are not passed between the client and the end URL.
Recommendations:
For hawtio servlet version 1.4, consider disabling the proxy functionality until a patch is available to prevent cookie sharing among clients. Restrict access to the hawtio servlet to minimize the risk of exploitation.
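The cookie sharing described above, modelled as an added example that is not hawtio's own code. It contrasts a proxy that keeps one persistent cookie store for every caller with one that holds no cookie state. `Backend`, `SharedJarProxy`, `PassThroughProxy`, `run` and the `SID` cookie are hypothetical names constructed for illustration.

```python
# Constructed model of a cookie-aware proxy; not hawtio code.
import secrets


class Backend:
    """Toy end URL: issues a session cookie at login, identifies callers by it."""
    def __init__(self):
        self.sessions = {}

    def handle(self, path, cookies, user=None):
        if path == "/login":
            sid = secrets.token_hex(8)
            self.sessions[sid] = user
            return {"set_cookie": {"SID": sid}, "body": f"hello {user}"}
        who = self.sessions.get(cookies.get("SID"))
        return {"set_cookie": {}, "body": f"data for {who}" if who else "401"}


class SharedJarProxy:
    """Flawed pattern: one client object, one persistent cookie store for everyone."""
    def __init__(self, backend):
        self.backend, self.jar = backend, {}

    def forward(self, path, client_cookies, user=None):
        resp = self.backend.handle(path, self.jar, user)  # caller's cookies ignored
        self.jar.update(resp["set_cookie"])                # stored locally in the proxy
        return {"set_cookie": {}, "body": resp["body"]}    # never passed to the client


class PassThroughProxy:
    """Corrected pattern: no cookie state in the proxy; cookies travel end to end."""
    def __init__(self, backend):
        self.backend = backend

    def forward(self, path, client_cookies, user=None):
        return self.backend.handle(path, dict(client_cookies), user)


def run(proxy_cls):
    """Return (body seen by a second, unauthenticated client, body seen by alice)."""
    proxy = proxy_cls(Backend())
    alice = proxy.forward("/login", {}, user="alice")
    bob = proxy.forward("/data", {})  # second client, never logged in
    alice_again = proxy.forward("/data", alice["set_cookie"])
    return bob["body"], alice_again["body"]
```

A regression test for a proxy of this kind can follow the same shape: two independent clients, one authenticated, with the assertion that the second never inherits the first client's session.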
Fix
Information Disclosure
Improper Authorization
Related identifiers
Affected products
Hawtio Servlet