CVE-2017-7556Cross-Site Request Forgery in HAT INC Hawtio

CWE-352Cross-Site Request Forgery6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 51.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT INC HawtioHawt Hawtio
Timeline
PublishedAug 17
Latest updateMay 13

Description

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDhawt/hawtio1.5.3
CVEListV5red_hat_inc/hawtioup to and including 1.5.3

🔴Vulnerability Details

3
GHSA
Cross-Site Request Forgery in hawtio2022-05-13
OSV
Cross-Site Request Forgery in hawtio2022-05-13
CVEList
CVE-2017-7556: Hawtio versions up to and including 12017-08-17

📋Vendor Advisories

1
Red Hat
Hawtio: CSRF flaw via jolokia2017-08-09

💬Community

1
Bugzilla
CVE-2017-7556 Hawtio: CSRF flaw via jolokia2017-08-10
CVE-2017-7556 — Cross-Site Request Forgery | cvebase