Filtered by vendor Hiawatha-webserver
Subscriptions
Filtered by product Hiawatha
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57783 | 2 Hiawatha, Hiawatha-webserver | 2 Web Server, Hiawatha | 2026-02-18 | 5.3 Medium |
| Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver. | ||||
| CVE-2025-57784 | 2 Hiawatha, Hiawatha-webserver | 2 Web Server, Hiawatha | 2026-02-18 | 4 Medium |
| Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client. | ||||
| CVE-2019-8358 | 1 Hiawatha-webserver | 1 Hiawatha | 2024-11-21 | N/A |
| In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | ||||
Page 1 of 1.