CVE-2019-9827 - Vulnerability Details

Vendors	Products
Hawt	Hawtio
Redhat	Amq Broker Jboss Amq Jboss Fuse

Package	CPE	Advisory	Released Date
Red Hat AMQ
hawtio	cpe:/a:redhat:amq_broker:7	RHSA-2020:4154	2020-10-01T00:00:00Z
	cpe:/a:redhat:amq_broker:7	RHSA-2020:5365	2020-12-08T00:00:00Z
Red Hat Fuse 6.3
hawtio	cpe:/a:redhat:jboss_amq:6.3	RHSA-2020:3587	2020-09-01T00:00:00Z
Red Hat Fuse 7.7.0
hawtio	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:3192	2020-07-28T00:00:00Z

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2019-9827
https://www.ciphertechs.com/hawtio-advisory/
https://www.cve.org/CVERecord?id=CVE-2019-9827

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-03T20:13:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.ciphertechs.com/hawtio-advisory/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.ciphertechs.com/hawtio-advisory/", "refsource": "MISC", "url": "https://www.ciphertechs.com/hawtio-advisory/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:54.883Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ciphertechs.com/hawtio-advisory/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9827", "datePublished": "2019-07-03T20:13:06", "dateReserved": "2019-03-14T00:00:00", "dateUpdated": "2024-08-04T22:01:54.883Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2019-06-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-07-03T20:13:06 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.ciphertechs.com/hawtio-advisory/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2019-9827 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.ciphertechs.com/hawtio-advisory/ (string)

refsource : MISC (string)

url : https://www.ciphertechs.com/hawtio-advisory/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T22:01:54.883Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.ciphertechs.com/hawtio-advisory/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2019-9827 (string)

datePublished : 2019-07-03T20:13:06 (string)

dateReserved : 2019-03-14T00:00:00 (string)

dateUpdated : 2024-08-04T22:01:54.883Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hawt:hawtio:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BF4E9AF-FDDB-4F13-9F3B-58C05783DE58", "versionEndIncluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI."}, {"lang": "es", "value": "Hawt Hawtio hasta la versi\u00f3n 2.5.0 es vulnerable a SSRF, permite a un atacante remoto que desencadene una petici\u00f3n HTTP desde un servidor afectado a un host arbitrario mediante initial/proxy/ substring de un URI."}], "id": "CVE-2019-9827", "lastModified": "2024-11-21T04:52:23.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-03T21:15:10.670", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ciphertechs.com/hawtio-advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ciphertechs.com/hawtio-advisory/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:hawt:hawtio:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BF4E9AF-FDDB-4F13-9F3B-58C05783DE58 (string)

versionEndIncluding : 2.5.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. (string)

}

1 : { »

lang : es (string)

value : Hawt Hawtio hasta la versión 2.5.0 es vulnerable a SSRF, permite a un atacante remoto que desencadene una petición HTTP desde un servidor afectado a un host arbitrario mediante initial/proxy/ substring de un URI. (string)

}

]

id : CVE-2019-9827 (string)

lastModified : 2024-11-21T04:52:23.340 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-03T21:15:10.670 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://www.ciphertechs.com/hawtio-advisory/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://www.ciphertechs.com/hawtio-advisory/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-918 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2020:4154", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "hawtio", "product_name": "Red Hat AMQ", "release_date": "2020-10-01T00:00:00Z"}, {"advisory": "RHSA-2020:5365", "cpe": "cpe:/a:redhat:amq_broker:7", "product_name": "Red Hat AMQ", "release_date": "2020-12-08T00:00:00Z"}, {"advisory": "RHSA-2020:3587", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "package": "hawtio", "product_name": "Red Hat Fuse 6.3", "release_date": "2020-09-01T00:00:00Z"}, {"advisory": "RHSA-2020:3192", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "hawtio", "product_name": "Red Hat Fuse 7.7.0", "release_date": "2020-07-28T00:00:00Z"}], "bugzilla": {"description": "hawtio: server side request forgery via initial /proxy/ substring of a URI", "id": "1728604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728604"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-602", "details": ["Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI."], "name": "CVE-2019-9827", "package_state": [{"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "hawtio", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "hawtio", "product_name": "Red Hat JBoss Fuse 6"}], "public_date": "2019-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-9827\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9827"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2020:4154 (string)

cpe : cpe:/a:redhat:amq_broker:7 (string)

package : hawtio (string)

product_name : Red Hat AMQ (string)

release_date : 2020-10-01T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2020:5365 (string)

cpe : cpe:/a:redhat:amq_broker:7 (string)

product_name : Red Hat AMQ (string)

release_date : 2020-12-08T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2020:3587 (string)

cpe : cpe:/a:redhat:jboss_amq:6.3 (string)

package : hawtio (string)

product_name : Red Hat Fuse 6.3 (string)

release_date : 2020-09-01T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2020:3192 (string)

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

package : hawtio (string)

product_name : Red Hat Fuse 7.7.0 (string)

release_date : 2020-07-28T00:00:00Z (string)

}

]

bugzilla : { »

description : hawtio: server side request forgery via initial /proxy/ substring of a URI (string)

id : 1728604 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1728604 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.5 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L (string)

status : verified (string)

}

cwe : CWE-602 (string)

details : [ »

0 : Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. (string)

]

name : CVE-2019-9827 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_amq:6 (string)

fix_state : Out of support scope (string)

package_name : hawtio (string)

product_name : Red Hat JBoss A-MQ 6 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_fuse:6 (string)

fix_state : Out of support scope (string)

package_name : hawtio (string)

product_name : Red Hat JBoss Fuse 6 (string)

}

]

public_date : 2019-06-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2019-9827 https://nvd.nist.gov/vuln/detail/CVE-2019-9827 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object