All the vulnerabilites related to Red Hat - hawtio
cve-2017-2589
Vulnerability from cvelistv5
Published
2018-07-26 15:00
Modified
2024-08-05 14:02
Severity ?
8.7 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Summary
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
References
https://access.redhat.com/errata/RHSA-2017:1832vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589x_refsource_CONFIRM
Impacted products
Red Hathawtio
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:06.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1832",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1832"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hawtio",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "1.4"
            }
          ]
        }
      ],
      "datePublic": "2017-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-27T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2017:1832",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1832"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2589"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-2589",
    "datePublished": "2018-07-26T15:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T14:02:06.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}