Skip to main content

Hiawatha

3 CVEs product

Monthly

CVE-2025-57784 LOW Monitor

Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]

Information Disclosure Hiawatha
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-57783 MEDIUM This Month

Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).

Information Disclosure Hiawatha
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2019-8358 HIGH This Week

In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Hiawatha
NVD
CVSS 3.0
8.1
EPSS
1.5%
EPSS 0% CVSS 3.3
LOW Monitor

Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. [CVSS 3.3 LOW]

Information Disclosure Hiawatha
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Hiawatha versions up to 11.7 contains a vulnerability that allows attackers to request smuggling has been identified in Hiawatha webserver version 11 (CVSS 5.3).

Information Disclosure Hiawatha
NVD
EPSS 1% CVSS 8.1
HIGH This Week

In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Hiawatha
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy