Описание
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.5 (исключая)
cpe:2.3:a:hawt:hawtio:*:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.007
Низкий
7.6 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
CWE-434
Связанные уязвимости
CVSS3: 7.6
redhat
около 9 лет назад
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
CVSS3: 7.8
github
больше 3 лет назад
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
EPSS
Процентиль: 72%
0.007
Низкий
7.6 High
CVSS3
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
CWE-434