Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
AnalysisAI
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
Technical ContextAI
Affects Hiawatha. Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
RemediationAI
Monitor vendor advisories for a patch.
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high s
Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today