CVE-2017-2617

Summary

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]hawtiohawtio 1.5.5affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References