Filtered by vendor Hiawatha-webserver
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57783 | 1 Hiawatha-webserver | 1 Hiawatha | 2026-02-18 | N/A | 5.3 MEDIUM |
| Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver. | |||||
| CVE-2025-57784 | 1 Hiawatha-webserver | 1 Hiawatha | 2026-02-18 | N/A | 3.3 LOW |
| Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. | |||||
| CVE-2019-8358 | 1 Hiawatha-webserver | 1 Hiawatha | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | |||||