3 results (0.005 seconds)

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. Hawt Hawtio hasta la versión 2.5.0 es vulnerable a SSRF, permite a un atacante remoto que desencadene una petición HTTP desde un servidor afectado a un host arbitrario mediante initial/proxy/ substring de un URI. Hawtio versions 2.5.0 and below suffer from a server side request forgery vulnerability. • https://www.ciphertechs.com/hawtio-advisory https://access.redhat.com/security/cve/CVE-2019-9827 https://bugzilla.redhat.com/show_bug.cgi?id=1728604 • CWE-602: Client-Side Enforcement of Server-Side Security CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. hawtio en versiones anteriores a la 1.5.5 es vulnerable a la ejecución remota de código mediante la subida de archivos. Un atacante podría usar esta vulnerabilidad para subir un archivo manipulado que podría ejecutarse en una máquina objetivo en la que se está desplegando hawtio. It was found that a flaw in hawtio could cause remote code execution via file upload. An attacker could use this vulnerability to upload crafted file which could be executed on a target machine where hawtio is deployed. • http://www.securityfocus.com/bid/96036 https://access.redhat.com/errata/RHSA-2018:0319 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2617 https://access.redhat.com/security/cve/CVE-2017-2617 https://bugzilla.redhat.com/show_bug.cgi?id=1419363 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user. Hawtio en sus versiones hasta la 1.5.3 (esta incluida) es vulnerable a una vulnerabilidad CSRF que permite que atacantes remotos engañen al usuario para que visite su sitio web, que contiene un script malicioso que puede ser enviado al servidor de Hawtio en nombre del usuario. • http://www.securityfocus.com/bid/100411 https://bugzilla.redhat.com/show_bug.cgi?id=1480060 • CWE-352: Cross-Site Request Forgery (CSRF) •