Base Score

HIGH7.5

CVE-2017-7561

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

VectorNETWORK

Published Bysecalert@redhat.com

Published DateSep 13, 2017, 17:29

Affected Versions(2)

org.jboss.resteasy:resteasy-jaxrs(Maven)

Introduced3.0.7.Final

Fixed3.0.25.Final

LimitN/A

org.jboss.resteasy:resteasy-jaxrs(Maven)

Introduced3.1.4.Final

Fixed3.5.0.CR1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jboss.resteasy:resteasy-jaxrs(Maven)	3.0.7.Final	3.0.25.Final	N/A
org.jboss.resteasy:resteasy-jaxrs(Maven)	3.1.4.Final	3.5.0.CR1	N/A

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

HIGH7.5

Weakness Type (CWE):CWE-444

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE