Vulnerabilities > CVE-2017-2589

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

hawt

redhat

NVD

Published: 2018-07-26

Updated: 2019-10-09

Summary

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Vulnerable Configurations

Part	Description	Count
Application	Hawt Hawt Hawtio 1.4.0	1
Application	Redhat Redhat Jboss Fuse 6.3	1

Redhat

advisories

rhsa

id	RHSA-2017:1832

References

https://access.redhat.com/errata/RHSA-2017:1832
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

Vulnerabilities > CVE-2017-2589 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2017-2589"}]}

Summary

Vulnerable Configurations

Redhat

References

Vulnerabilities > CVE-2017-2589