Server-Side Cache Poisoning Vulnerability in JBoss EAP by Red Hat
CVE-2017-7561

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Resteasy
Vendor
CVE Published:
13 September 2017

Summary

Red Hat JBoss EAP versions 3.0.7 through before 4.0.0.Beta1 are susceptible to a vulnerability within the JAX-RS component that allows for server-side cache poisoning and enables Cross-Origin Resource Sharing (CORS) requests. This issue may lead to unauthorized access to sensitive data or the manipulation of cached data content.

Affected Version(s)

resteasy 3.0.7 through before 4.0.0Beta1

References

https://access.redhat.com/errata/RHSA-2018:0479
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0481
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/100465
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.