CVE-2017-2594 — Information Exposure via Error Message in Hawtio

CWE-209 — Information Exposure via Error Message CWE-22 — Path Traversal6 documents6 sources

Severity

7.5HIGHNVD

CNA5.4

EPSS

2.0%

top 16.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hawt Hawtio

Timeline

PublishedMay 8

Latest updateMay 13

Description

hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDhawt/hawtio1.4.68

🔴Vulnerability Details

GHSA

Path Traversal in io.hawt:project↗2022-05-13

▶

OSV

Path Traversal in io.hawt:project↗2022-05-13

▶

CVEList

CVE-2017-2594: hawtio before versions 2↗2018-05-08

▶

📋Vendor Advisories

Red Hat

hawtio: information Disclosure flaws due to unsafe path traversal↗2017-01-23

▶

💬Community

Bugzilla

CVE-2017-2594 hawtio: information Disclosure flaws due to unsafe path traversal↗2017-01-23

▶