CVE-2017-2589
Description
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Risk Information
Base Score
9.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.166
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2017-2594,CVE-2017-2589 are fixed in HawtIO-project 1.5.0 | Windows |
| Vulnerabilities CVE-2017-2594,CVE-2017-2589 are fixed in HawtIO-project for Linux 1.5.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234