Hiawatha Webserver

hiawatha-webserver

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-57784 1Hiawatha Webserver 1Hiawatha Feb 18, 2026 Jan 26, 2026 N/A· v4 3.3 LOW· v3 N/A· v2 Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
CVE-2025-57783 1Hiawatha Webserver 1Hiawatha Feb 18, 2026 Jan 26, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
CVE-2019-8358 1Hiawatha Webserver 1Hiawatha Jun 17, 2026 Feb 16, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.