CVE-2017-2589 HIGH

CVE-2017-2589

Vendor Red Hat

Product hawtio

Weakness CWE-285

Published July 26, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Key dates

02Disclosure timeline

July 26, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-2589

Related vulnerabilities

04Related CVE

CVE-2025-10277 YunaiV yudao-cloud submit improper authorization CVE-2023-32709 Low-privileged User can View Hashed Default Splunk Password CVE-2022-0829 Improper Authorization in webmin/webmin CVE-2019-15990 Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability CVE-2026-8743 Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id improper authorization