An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tNGo1LWhncXEtNWpmMs4AARcl

Insecure cookie sharing in Hawtio

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 8 months ago

CVSS Score: 9.0
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Identifiers: GHSA-m4j5-hgqq-5jf2, CVE-2017-2589

Affected Packages

Versions: < 1.5.0
Fixed in: 1.5.0