Server-Side Cache Poisoning Vulnerability in JBoss EAP by Red Hat
CVE-2017-7561
7.5HIGH
Summary
Red Hat JBoss EAP versions 3.0.7 through before 4.0.0.Beta1 are susceptible to a vulnerability within the JAX-RS component that allows for server-side cache poisoning and enables Cross-Origin Resource Sharing (CORS) requests. This issue may lead to unauthorized access to sensitive data or the manipulation of cached data content.
Affected Version(s)
resteasy 3.0.7 through before 4.0.0Beta1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved