It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on the Origin request header. This permitted client-side and server-side cache poisoning in some circumstances.
Find out more about CVE-2017-7561 from the MITRE CVE dictionary and NIST NVD.
Metric | Value |
---|---|
CVSS3 Base Score | 5.9 |
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | High |
Availability Impact | None |
Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server (eap7-jboss-ec2-eap) | RHSA-2018:0005 | 2018-01-03 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server | RHSA-2018:0002 | 2018-01-03 |
Red Hat JBoss EAP 7 | RHSA-2018:0003 | 2018-01-03 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server | RHSA-2018:0004 | 2018-01-03 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server (eap7-jboss-ec2-eap) | RHSA-2018:0005 | 2018-01-03 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server | RHSA-2018:0480 | 2018-03-12 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Server (eap7-jboss-ec2-eap) | RHSA-2018:0481 | 2018-03-12 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server (eap7-jboss-ec2-eap) | RHSA-2018:0481 | 2018-03-12 |
Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Server | RHSA-2018:0479 | 2018-03-12 |
Red Hat JBoss EAP 7 | RHSA-2018:0478 | 2018-03-12 |
Platform | Package | State |
---|---|---|
Red Hat Single Sign-On 7 | resteasy | Will not fix |
Red Hat OpenShift Application Runtimes 1.0 | swarm | Not affected |
Red Hat JBoss Operations Network 3 | resteasy | Not affected |
Red Hat JBoss Fuse 6 | resteasy | Will not fix |
Red Hat JBoss Data Virtualization 6 | resteasy | Not affected |
Red Hat JBoss Data Grid 7 | resteasy | Will not fix |
Red Hat JBoss A-MQ 6 | resteasy | Will not fix |