Vulnerability CVE-2017-2589


Published: 2018-07-26

Description:
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Redhat -> Jboss fuse
HAWT -> Hawtio

References:
https://access.redhat.com/errata/RHSA-2017:1832
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

Copyright 2024, cxsecurity.com

 
