CVE-2017-2617: Improper Input Validation in Hawtio

Severity
NVD: 7.8 HIGH
CNA: 7.6
EPSS: 0.7% (top 27.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 22
Latest update: May 13

Description

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (1 package)

NVD: hawt/hawtio < 1.5.5

Vulnerability Details (2)

GHSA: GHSA-3pgx-46rx-xc9j: hawtio before version 1 (2022-05-13)
CVEList: CVE-2017-2617: hawtio before version 1 (2018-05-22)

Vendor Advisories (1)

Red Hat: Hawtio: Unrestricted file upload leads to RCE (2017-02-04)

Community (1)

Bugzilla: CVE-2017-2617 Hawtio: Unrestricted file upload leads to RCE (2017-02-05)