CVE-2017-7561 — Origin Validation Error in Redhat Jboss Enterprise Application Platform

CWE-346 — Origin Validation Error CWE-444 — HTTP Request Smuggling CWE-345 — Insufficient Verification of Data Authenticity8 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Resteasy Redhat Jboss Enterprise Application Platform

Timeline

PublishedSep 13

Latest updateMay 13

Description

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jboss_enterprise_application_platform14 versions+13

▶CVEListV5red_hat_inc/resteasy3.0.7 through before 4.0.0Beta1

Patches

Patch: issues.jboss.org ↗Patch: issues.jboss.org ↗

🔴Vulnerability Details

GHSA

Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP↗2022-05-13

▶

OSV

Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP↗2022-05-13

▶

CVEList

CVE-2017-7561: Red Hat JBoss EAP version 3↗2017-09-13

▶

OSV

CVE-2017-7561: Red Hat JBoss EAP version 3↗2017-09-13

▶

📋Vendor Advisories

Red Hat

resteasy: Vary header not added by CORS filter leading to cache poisoning↗2017-08-22

▶

Debian

CVE-2017-7561: resteasy - Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a se...↗2017

▶

💬Community

Bugzilla

CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning↗2017-08-22

▶