It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker can use this flaw to gather undisclosed information from withinhawtio's root.
Name: Hooman Broujerdi (Red Hat)
This issue has been addressed in the following products:
Red Hat JBoss Fuse
Via RHSA-2017:1832 https://access.redhat.com/errata/RHSA-2017:1832
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Fuse 6
* Red Hat JBoss A-MQ 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):