CVE-2019-9827 — Server-Side Request Forgery in Hawtio

CWE-918 — Server-Side Request Forgery CWE-602 — Client-Side Enforcement of Server-Side Security CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hawt Hawtio

Timeline

PublishedJul 3

Latest updateSep 4

Description

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDhawt/hawtio2.5.0

🔴Vulnerability Details

OSV

Server-Side Request Forgery in Hawt Hawtio↗2019-07-05

▶

GHSA

Server-Side Request Forgery in Hawt Hawtio↗2019-07-05

▶

CVEList

CVE-2019-9827: Hawt Hawtio through 2↗2019-07-03

▶

📋Vendor Advisories

Red Hat

kernel: smb3: fix for slab out of bounds on mount to ksmbd↗2025-09-04

▶

Red Hat

hawtio: server side request forgery via initial /proxy/ substring of a URI↗2019-06-27

▶

💬Community

Bugzilla

CVE-2019-9827 hawtio: server side request forgery via initial /proxy/ substring of a URI↗2019-07-10

▶