CVE-2017-2594
MEDIUM
hawtio < 1.5.0 - Path Traversal and Information Disclosure via NullPointerException
Title source: llm
Description
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
References (3)
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594
Third Party Advisory x_refsource_confirm
https://access.redhat.com/errata/RHSA-2017:1832
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95793
Scores
CVSS v3
5.4
EPSS
0.0196
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-22
CWE-209
Status
published
Products (2)
hawt/hawtio
< 1.4.68
io.hawt/project
0 - 1.5.0
Maven
Published
May 08, 2018
Tracked Since
Feb 18, 2026