Description
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:hawt:hawtio:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*
EPSS
Percentile: 39%
0.00175
Low
8.7 High
CVSS3
9 Critical
CVSS3
6 Medium
CVSS2
Weaknesses
CWE-285
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8.7
redhat
more than 8 years ago
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.