Server-Side Cache Poisoning Vulnerability in JBoss EAP by Red Hat
CVE-2017-7561

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Resteasy
Vendor: CVE Published:; 13 September 2017

🔔 Create Red Hat Vulnerability Alert

What is CVE-2017-7561?

Red Hat JBoss EAP versions 3.0.7 through before 4.0.0.Beta1 are susceptible to a vulnerability within the JAX-RS component that allows for server-side cache poisoning and enables Cross-Origin Resource Sharing (CORS) requests. This issue may lead to unauthorized access to sensitive data or the manipulation of cached data content.

Affected Version(s)

resteasy 3.0.7 through before 4.0.0Beta1

References

https://access.redhat.com/errata/RHSA-2018:0479

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2018:0481

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/100465

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2017
Vulnerability Reserved
Apr 5, 2017

.