Vulnerabilities > CVE-2017-2589

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redhat

hawt

critical

NVD

Published: 2018-07-26

Updated: 2019-10-09

Summary

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Fuse 6.3	1
Application	Hawt Hawt Hawtio 1.4.0	1

Redhat

advisories

rhsa

id	RHSA-2017:1832

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589
https://access.redhat.com/errata/RHSA-2017:1832

Vulnerabilities > CVE-2017-2589 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-2589"}]}

Summary

Vulnerable Configurations

Redhat

References

Vulnerabilities > CVE-2017-2589