Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hawt hawtio vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-9827
Hawt Hawtio up to and including 2.5.0 is vulnerable to SSRF, allowing a remote malicious user to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
Hawt Hawtio
605
VMScore
CVE-2017-7556
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote malicious users to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
Hawt Hawtio 1.5.3
NA
CVE-2023-33544
hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Hawt Hawtio 2.17.2
668
VMScore
CVE-2014-0121
The admin terminal in Hawt.io does not require authentication, which allows remote malicious users to execute arbitrary commands via the k parameter.
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
605
VMScore
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote malicious users to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
534
VMScore
CVE-2017-2589
It exists that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Hawt Hawtio 1.4.0
Redhat Jboss Fuse 6.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started