CVE-2017-7561

Published: 13/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Red Hat JBoss EAP versions 3.0.7 up to, but not including, 4.0.0.Beta1 are vulnerable to server-side cache poisoning of CORS requests in the JAX-RS component, resulting in a moderate impact.

Vulnerability Trend


redhat jboss enterprise application platform 3.0.7

redhat jboss enterprise application platform 3.2.3

redhat jboss enterprise application platform 3.2.4

redhat jboss enterprise application platform 3.1.4

redhat jboss enterprise application platform 3.1.5

redhat jboss enterprise application platform 3.1.1

redhat jboss enterprise application platform 3.1.2

redhat jboss enterprise application platform 3.3.0

redhat jboss enterprise application platform 3.5.1

redhat jboss enterprise application platform 3.0.8

redhat jboss enterprise application platform 3.1.0

redhat jboss enterprise application platform 3.2.5

redhat jboss enterprise application platform 3.2.9

redhat jboss enterprise application platform 3.2.13

Vendor Advisories

Debian Bug report logs - #873392 resteasy: CVE-2017-7561: Vary header not added by CORS filter leading to cache poisoning. Package: src:resteasy; Maintainer for src:resteasy is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 27 Aug ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.0.9 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: eap7-jboss-ec2-eap security update. Type/Severity: Security Advisory: Important. Topic: An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Ent ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis: Important: jboss-ec2-eap package for EAP 7.1.1. Type/Severity: Security Advisory: Important. Topic: An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 7.1.1 for Red Ha ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impac ...
Synopsis: Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impa ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client- and server-side cache poisoning in some circumstances ...
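The cache-poisoning mechanism the advisory describes, as an added illustration that is not code from RESTEasy, Red Hat or this page: a minimal shared cache that honours Vary, a CORS filter modelled with and without the Vary: Origin fix, and a response check a defender can run to flag the defect. The origins, path and cache model are constructed sample values.

```python
"""Toy model of the CVE-2017-7561 failure mode: a CORS filter reflects the request Origin into
Access-Control-Allow-Origin but omits 'Vary: Origin', so a shared cache mixes up origins."""
from typing import Callable, Dict, List, Tuple
Headers = Dict[str, str]
ALLOWED_ORIGINS = {"https://app.example", "https://admin.example"}  # constructed allow-list

def cors_response(req: Headers, add_vary: bool) -> Headers:
    """Origin server for GET /api/data; add_vary=False mimics the vulnerable filter."""
    resp = {"Content-Type": "application/json", "Cache-Control": "public, max-age=60"}
    origin = req.get("Origin")
    if origin in ALLOWED_ORIGINS:
        resp["Access-Control-Allow-Origin"] = origin  # response now depends on Origin
        if add_vary:
            resp["Vary"] = "Origin"  # the fix: Origin becomes part of the cache key
    return resp

def _vary_names(vary: str) -> List[str]:
    return [v.strip().lower() for v in vary.split(",") if v.strip()]

def _cache_key(req: Headers, vary: str) -> tuple:
    # Secondary cache key: the request's values for every header listed in Vary
    lower = {k.lower(): v for k, v in req.items()}
    return tuple((n, lower.get(n)) for n in _vary_names(vary))

class SharedCache:
    """Minimal cache: reuse an entry only if URL plus the Vary-selected request headers match."""
    def __init__(self) -> None:
        self.entries: Dict[str, List[Tuple[str, tuple, Headers]]] = {}

    def fetch(self, url: str, req: Headers, server: Callable[[Headers], Headers]) -> Headers:
        for vary, key, resp in self.entries.get(url, []):
            if _cache_key(req, vary) == key:
                return resp  # cache hit
        resp = server(req)
        vary = resp.get("Vary", "")
        self.entries.setdefault(url, []).append((vary, _cache_key(req, vary), resp))
        return resp

def simulate(add_vary: bool) -> Headers:
    """Two browsers on different allowed origins share one cache; return what the second gets."""
    cache = SharedCache()
    server = lambda h: cors_response(h, add_vary)
    cache.fetch("/api/data", {"Origin": "https://app.example"}, server)
    return cache.fetch("/api/data", {"Origin": "https://admin.example"}, server)

def missing_vary_origin(resp: Headers) -> bool:
    """Detection check: Access-Control-Allow-Origin is origin-specific but Vary omits Origin."""
    acao = resp.get("Access-Control-Allow-Origin")
    names = _vary_names(resp.get("Vary", ""))
    return bool(acao) and acao != "*" and "origin" not in names and "*" not in names
```

Without the Vary header the second origin receives the first origin's cached Access-Control-Allow-Origin value; with it, the cache keys on Origin and each origin gets its own response.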