Описание
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | hawtio | Affected | ||
| Red Hat JBoss Fuse 6 | hawtio | Affected | ||
| Red Hat OpenShift Enterprise 2 | hawtio | Under investigation | ||
| Red Hat JBoss A-MQ 6.3 | Fixed | RHSA-2017:1832 | 10.08.2017 | |
| Red Hat JBoss Fuse 6.3 | Fixed | RHSA-2017:1832 | 10.08.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.7 High
CVSS3
Связанные уязвимости
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
EPSS
8.7 High
CVSS3