CVE-2017-2594
hawtio: information Disclosure flaws due to unsafe path traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
hawtio en versiones anteriores a la 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3 y 1.5 es vulnerable a un salto de directorio que conduce a una excepción de puntero NULL con una stacktrace completa. Un atacante podría utilizar este fallo para reunir información no publicada de la raíz de hawtio.
It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-08-10 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-209: Generation of Error Message Containing Sensitive Information
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95793 | Third Party Advisory | |
| https://access.redhat.com/errata/RHSA-2017:1832 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2017-2594 | 2017-08-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1415543 | 2017-08-10 |