CVE-2017-2589 – io.hawt:project

Package

Manager: maven
Name: io.hawt:project
Vulnerable Version: >=0 <1.5.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00175 pctl0.3935

Details

Insecure cookie sharing in Hawtio It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Metadata

Created: 2022-05-13T01:36:55Z
Modified: 2022-11-04T20:36:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m4j5-hgqq-5jf2/GHSA-m4j5-hgqq-5jf2.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-m4j5-hgqq-5jf2
Finding: F017
Auto approve: 1