Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hawt hawtio vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-9827
Hawt Hawtio up to and including 2.5.0 is vulnerable to SSRF, allowing a remote malicious user to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
Hawt Hawtio
NA
CVE-2023-33544
hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Hawt Hawtio 2.17.2
6.8
CVSSv2
CVE-2017-7556
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote malicious users to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
Hawt Hawtio 1.5.3
6.8
CVSSv2
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote malicious users to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
7.5
CVSSv2
CVE-2014-0121
The admin terminal in Hawt.io does not require authentication, which allows remote malicious users to execute arbitrary commands via the k parameter.
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
6
CVSSv2
CVE-2017-2589
It exists that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Hawt Hawtio 1.4.0
Redhat Jboss Fuse 6.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started