Описание
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | hawtio | Out of support scope | ||
| Red Hat JBoss Fuse 6 | hawtio | Out of support scope | ||
| Red Hat OpenShift Enterprise 2 | hawtio | Will not fix | ||
| Red Hat JBoss A-MQ 6.3 | Fixed | RHSA-2017:1832 | 10.08.2017 | |
| Red Hat JBoss Fuse 6.3 | Fixed | RHSA-2017:1832 | 10.08.2017 |
Показывать по
Дополнительная информация
Статус:
5.4 Medium
CVSS3
Связанные уязвимости
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
5.4 Medium
CVSS3