Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
AnalysisAI
Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).
Technical ContextAI
affects Hiawatha. Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high s
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today