| Detector: | Tikanga |
| Target: | project 'hawtio2' version 1.2.3 |
| Misuse: | misuse 'SV_CVE_14_0121_2' |
| Tags: |
Details about the known misuse from the MUBench dataset.
| Description: | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. |
| Fix Description: | (see diff) |
| Violations: |
| In File: | io/hawt/web/plugin/karaf/terminal/TerminalServlet.java |
| In Method: | doPost(HttpServletRequest, HttpServletResponse) |
| Code with Misuse: |