Описание
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
It was found that a flaw in hawtio could cause remote code execution via file upload. An attacker could use this vulnerability to upload crafted file which could be executed on a target machine where hawtio is deployed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | hawtio | Out of support scope | ||
| Red Hat JBoss Fuse 6 | hawtio | Out of support scope | ||
| Red Hat OpenShift Enterprise 2 | hawtio | Under investigation | ||
| Red Hat JBoss A-MQ 6.3 | Fixed | RHSA-2018:0319 | 14.02.2018 | |
| Red Hat JBoss Fuse 6.3 | Fixed | RHSA-2018:0319 | 14.02.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
Связанные уязвимости
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
EPSS
7.6 High
CVSS3