hsleisink/hiawatha

GitLab

gitlab.com

Releases49

Frequency3 months 1 week

Last Release about 2 months ago

Stars2

Hiawatha is an open source webserver with security, easy to use and lightweight as the three key features. Hiawatha supports among others (Fast)CGI, IPv6, URL rewriting and reverse proxy. It has security features no other webserver has, like blocking SQL injections, XSS and CSRF attacks and exploit attempts. The built-in monitoring tool makes it perfect for large scale deployments. Hiawatha project website: https://hiawatha.leisink.net/

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-57783 ↗	Jan 26, 2026Monday, 26 January 2026, 18:16	5.3 MEDIUM	—
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.
CVE-2025-57784 ↗	Jan 26, 2026Monday, 26 January 2026, 18:16	3.3 LOW	—
Tomahawk auth timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client.
CVE-2025-57785 ↗	Jan 26, 2026Monday, 26 January 2026, 18:16	6.5 MEDIUM	—
A Double Free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution.