Path Traversal
io.hawt:hawtio-system is vulnerable to path traversal. The vulnerability exists in the unzip function of Zips.java due to a lack of file path sanitization, which allows an attacker to overwrite or modify sensitive files on the system...
Server-Side Request Forgery (SSRF)
hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist is configured to prevent access to arbitrary URLs, but the vulnerability still exists because it is possible to submit HTTP requests to local addresses through the /proxy/ servlet page. This allows a...
Information Disclosure
hawtio-system is vulnerable to information disclosure. The library displays the entire stack trace when it encounters an exception while accessing a non-existent directory, allowing a malicious user to gather sensitive information from it...
Cross-site Request Forgery (CSRF)
hawtio-system is vulnerable to a cross-site request forgery (CSRF) attack. The library uses an incorrect header in its CORS filters, allowing a malicious user to redirect another user to a malicious website that can perform actions as the target user...
Remote Code Execution Via Unrestricted File Upload
hawtio-system is vulnerable to remote code execution. A lack of validation on uploaded files allows a remote attacker to upload a specially crafted file and execute arbitrary commands on the target machine...