Vulnerability Details CVE-2017-2589
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.8%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 6.0
References
Products affected by CVE-2017-2589
-
cpe:2.3:a:hawt:hawtio:1.4.0
-
cpe:2.3:a:redhat:jboss_fuse:6.3