CVE-2019-9827
CRITICALHawt Hawtio < 2.5.0 - Server-Side Request Forgery via Proxy URI
Title source: llmDescription
Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.ciphertechs.com/hawtio-advisory/
Scores
CVSS v3
9.8
EPSS
0.2680
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (2)
hawt/hawtio
< 2.5.0
io.hawt/hawtio-core
0 - 2.5.0Maven
Published
Jul 03, 2019
Tracked Since
Feb 18, 2026