CVE-2017-2617

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: hawtio versions prior to 1.5.5

Description: The issue allows for remote code execution via file upload. An attacker could upload a crafted file to be executed on a target machine where hawtio is deployed.

Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-434

Related Identifiers

CVE-2017-2617

Affected Products

Hawtio

CVE-2017-2617

Weakness Enumeration

Related Identifiers

Affected Products

References · 6