CVE-2017-2589 - It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests wi

CVE-2017-2589

Summary

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

References

https://access.redhat.com/errata/RHSA-2017:1832
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

Vulnerable Configurations

cpe:2.3:a:hawt:hawtio:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:hawt:hawtio:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*

CVSS

Base:	6.0 (as of 09-10-2019 - 23:26)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2017:1832

refmap via4

confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589

Last major update

09-10-2019 - 23:26

Published

26-07-2018 - 15:29

Last modified

09-10-2019 - 23:26