Hawtio@* Security Vulnerabilities and Issues — Hawtio@* CVE List

Lucene search

HawtHawtio*

4 matches found

CVE•added 2019/07/03 9:15 p.m.•310 views

CVE-2019-9827

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

9.8CVSS9.2AI score0.04594EPSS

CVE•added 2018/05/08 5:29 p.m.•61 views

CVE-2017-2594

hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

7.5CVSS7.2AI score0.02072EPSS

CVE•added 2017/12/29 10:29 p.m.•56 views

CVE-2014-0121

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

9.8CVSS9.8AI score0.01533EPSS

CVE•added 2017/12/29 10:29 p.m.•42 views

CVE-2014-0120

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

8.8CVSS9.1AI score0.00145EPSS