Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. Reference: https://www.ciphertechs.com/hawtio-advisory/
This vulnerability is out of security support scope for the following products: * Red Hat JBoss A-MQ 6 * Red Hat JBoss Fuse 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This issue has been addressed in the following products: Red Hat Fuse 7.7.0 Via RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9827
This issue has been addressed in the following products: Red Hat Fuse 6.3 Via RHSA-2020:3587 https://access.redhat.com/errata/RHSA-2020:3587
This issue has been addressed in the following products: Red Hat AMQ Via RHSA-2020:4154 https://access.redhat.com/errata/RHSA-2020:4154
This issue has been addressed in the following products: Red Hat AMQ Via RHSA-2020:5365 https://access.redhat.com/errata/RHSA-2020:5365