CNNVD-202601-4365 Information
CNNVD ID
CNNVD-202601-4365
Related CVE
-
CNNVD Published: 2026-01-26
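Description (Chinese, translated)
Hiawatha is a secure web server for Unix systems developed by individual developer Hugo Leisink. The product can block attacks such as XSS, SQL injection and CSRF, and provides server monitoring. Hiawatha version 11.7 contains a security vulnerability that stems from the use of strcmp, which enables a timing attack and may allow a local attacker to access the management client.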
Description (English)
Hiawatha is a secure web server for Unix systems, written by individual developer Hugo Leisink. It can prevent attacks such as XSS, SQL injection and CSRF, and offers server monitoring. Hiawatha 11.7 has a security vulnerability caused by the use of strcmp, which leads to a timing attack and may let a local attacker gain access to the management client.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2026-01-26
Last Modified
2026-02-24
References
https://gitlab.com/hsleisink/hiawatha/-/blame/master/src/tomahawk.c?ref_type=heads#L429
https://access.redhat.com/security/cve/cve-2025-57784
Patch
https://gitlab.com/hsleisink/hiawatha/-/tags