CVE-2017-2589
First published: Tue Jan 17 2017(Updated: )
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Hawtio | =1.4.0 | |
| Red Hat JBoss Fuse | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2589?
CVE-2017-2589 has been designated a moderate severity vulnerability.
How do I fix CVE-2017-2589?
To fix CVE-2017-2589, update to Hawtio version 1.4.1 or later and ensure proper configuration of cookie handling.
What are the affected software versions for CVE-2017-2589?
CVE-2017-2589 affects Hawtio version 1.4.0 and Red Hat JBoss Fuse version 6.3.
What kind of vulnerability is CVE-2017-2589?
CVE-2017-2589 is a vulnerability related to improper cookie management in a shared proxy setup.
Can CVE-2017-2589 lead to security risks?
Yes, CVE-2017-2589 can lead to potential security risks by exposing shared session information among users.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-2589
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hawt
- canonical/red hat hawtio
- version/red hat hawtio/1.4.0
- vendor/redhat
- canonical/red hat jboss fuse
- version/red hat jboss fuse/6.3