Lucene search
Veracode Vulnerability DatabaseVERACODE:20654HistoryJul 04, 2019 - 6:27 a.m.
Server-Side Request Forgery (SSRF)
2019-07-0406:27:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.033 Low
EPSS
Percentile
91.3%
hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist that is configured to prevent accessing arbitrary URLs was configured but the vulnerability still exists as it is possible to submit HTTP requests to local addresses through the /proxy/ servlet page. This allows a remote attacker to access restricted resources that are only accessible from the server’s local subnet.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hawtio-system | le | 1.4.68 | |
| hawtio-system | le | 1.4.26 | |
| hawtio-system | le | 1.4.68 | |
| hawtio-system | le | 1.4.26 |
Related
cve
cve
CVE-2019-9827
2019-07-03 21:15:10
redhatcve
redhatcve
CVE-2019-9827
2019-07-10 09:21:44
prion
prion
Server side request forgery (ssrf)
2019-07-03 21:15:00
cvelist
cvelist
CVE-2019-9827
2019-07-03 20:13:06
github
github
Server-Side Request Forgery in Hawt Hawtio
2019-07-05 21:08:09
nvd
nvd
CVE-2019-9827
2019-07-03 21:15:10
zdt
zdt
Hawtio 2.5.0 Server Side Request Forgery Vulnerability
2019-07-03 00:00:00
osv
osv
Server-Side Request Forgery in Hawt Hawtio
2019-07-05 21:08:09
CVE-2019-9827
2019-07-03 21:15:10
packetstorm
packetstorm
Hawtio 2.5.0 Server Side Request Forgery
2019-07-03 00:00:00
redhat
redhat