Hiawatha
Monthly
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]
Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.