CVE-2017-2589
8.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Summary
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | hawtio | 1.4 | affected |
Weaknesses
- CWE-285: CWE-285
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2017:1832
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589
References
- https://access.redhat.com/errata/RHSA-2017:1832
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.