Description
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
Report
Not vulnerable. This issue only affects Red Hat JBoss Fuse 6.1.0 Beta. It is resolved in the general availability release of Red Hat JBoss Fuse 6.1.0. Earlier versions of Red Hat JBoss Fuse are not affected, as they did not include the hawtio-karaf-terminal component.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | fuse | Not affected | | |
Additional information
Status:
Critical
Defect:
CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=1072716 hawtio-karaf-terminal: remote code execution due to missing authentication
6.5 Medium
CVSS2
Related vulnerabilities
CVSS3: 9.8
nvd
about 8 years ago
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
CVSS3: 9.8
github
more than 3 years ago
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.