CVE-2017-2589
First published: Tue Jan 17 2017(Updated: )
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hawt Hawtio | =1.4.0 | |
| Redhat Jboss Fuse | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-2589
- agent/last-modified-date
- agent/tags
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/hawt
- canonical/hawt hawtio
- version/hawt hawtio/1.4.0
- vendor/redhat
- canonical/redhat jboss fuse
- version/redhat jboss fuse/6.3