{"containers": {"cna": {"affected": [{"product": "resteasy", "vendor": "Red Hat, Inc.", "versions": [{"status": "affected", "version": "3.0.7 through before 4.0.0Beta1"}]}], "datePublic": "2017-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-13T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:0479", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0479"}, {"name": "RHSA-2018:0481", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0481"}, {"name": "100465", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100465"}, {"name": "RHSA-2018:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"name": "RHSA-2018:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"name": "RHSA-2018:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"name": "RHSA-2018:0480", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0480"}, {"name": "RHSA-2018:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.jboss.org/browse/RESTEASY-1704"}, {"name": "RHSA-2018:0478", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0478"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2017-08-22T00:00:00", "ID": "CVE-2017-7561", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "resteasy", "version": {"version_data": [{"version_value": "3.0.7 through before 4.0.0Beta1"}]}}]}, "vendor_name": "Red Hat, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-346"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0479", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0479"}, {"name": "RHSA-2018:0481", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0481"}, {"name": "100465", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100465"}, {"name": "RHSA-2018:0002", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"name": "RHSA-2018:0004", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"name": "RHSA-2018:0003", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"name": "RHSA-2018:0480", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0480"}, {"name": "RHSA-2018:0005", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"name": "https://issues.jboss.org/browse/RESTEASY-1704", "refsource": "MISC", "url": "https://issues.jboss.org/browse/RESTEASY-1704"}, {"name": "RHSA-2018:0478", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0478"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:12.046Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:0479", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0479"}, {"name": "RHSA-2018:0481", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0481"}, {"name": "100465", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100465"}, {"name": "RHSA-2018:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"name": "RHSA-2018:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"name": "RHSA-2018:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"name": "RHSA-2018:0480", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0480"}, {"name": "RHSA-2018:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.jboss.org/browse/RESTEASY-1704"}, {"name": "RHSA-2018:0478", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0478"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-7561", "datePublished": "2017-09-13T17:00:00Z", "dateReserved": "2017-04-05T00:00:00", "dateUpdated": "2024-09-16T22:35:06.807Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "25033CDC-E3CA-47D6-B1BB-6838D9DCAF8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5D7CB4CB-4143-4FC1-970C-D102BA119B38", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F498215-6D52-4F74-A8ED-D151DA1E09E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCEB4E47-CE89-437D-BA89-4FC163F6BDE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B8683E0-C5FF-4D6A-8079-08E822733B41", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "926A7B4B-54B3-4E58-A66E-1DBD6246F657", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BDF85FD4-6231-4554-AF41-D3EEA2D56466", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A5C8C145-1E87-44FA-881E-7EF9F737AF50", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AED9028C-999D-4658-91FD-9083E822CADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "94E9BAD1-3484-4758-A3FC-D42F963A5A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E65D0A95-B2C2-4708-B0FB-8D3100FD522B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "04F3E403-66B7-4E23-9B9D-E6BB2F7D56C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BC3A3D4-CB51-40AA-9267-5D723DC71421", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "431D16DC-F569-4CA9-8BF2-9CB7E3D2856D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact."}, {"lang": "es", "value": "Red Hat JBoss EAP en su versi\u00f3n 3.0.7 hasta antes de la versi\u00f3n 4.0.0.Beta1 es vulnerable a un envenenamiento de la cach\u00e9 por parte del servidor o a peticiones CORS en el componente JAX-RS, resultando en un impacto moderado."}], "id": "CVE-2017-7561", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-13T17:29:00.947", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100465"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0478"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0479"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0480"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0481"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://issues.jboss.org/browse/RESTEASY-1704"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0481"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://issues.jboss.org/browse/RESTEASY-1704"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jason Shepherd (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2018:0003", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "package": "resteasy", "product_name": "Red Hat JBoss EAP 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0478", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "package": "resteasy", "product_name": "Red Hat JBoss EAP 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0002", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0005", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0004", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0005", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el7", "package": "eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7", "release_date": "2018-01-03T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-activemq-artemis-0:1.5.5.009-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-apache-cxf-0:3.1.13-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-glassfish-jsf-0:2.2.13-6.SP5_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-hibernate-0:5.1.12-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-infinispan-0:8.2.9-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-ironjacamar-0:1.4.7-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-annotations-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-core-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-databind-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-jaxrs-providers-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-module-jaxb-annotations-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jackson-modules-java8-0:2.8.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-logmanager-0:2.0.8-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-server-migration-0:1.0.3-6.Final_redhat_6.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jbossws-cxf-0:5.1.10-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-narayana-0:5.5.31-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-picketlink-bindings-0:2.5.5-10.SP9_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-picketlink-federation-0:2.5.5-10.SP9_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-resteasy-0:3.0.25-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-undertow-0:1.4.18-4.SP2_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-undertow-jastow-0:2.0.3-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-0:7.1.1-4.GA_redhat_2.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-elytron-0:1.1.8-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-http-client-0:1.0.9-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wildfly-javadocs-0:7.1.1-3.GA_redhat_2.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-wss4j-0:2.1.11-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0479", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-xml-security-0:2.0.9-1.redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7::el6", "package": "eap7-jboss-ec2-eap-0:7.1.1-3.1.GA_redhat_3.ep7.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-activemq-artemis-0:1.5.5.009-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-apache-cxf-0:3.1.13-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-glassfish-jsf-0:2.2.13-6.SP5_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-hibernate-0:5.1.12-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-infinispan-0:8.2.9-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-ironjacamar-0:1.4.7-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-annotations-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-core-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-databind-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-jaxrs-providers-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-module-jaxb-annotations-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jackson-modules-java8-0:2.8.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jboss-logmanager-0:2.0.8-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jboss-server-migration-0:1.0.3-6.Final_redhat_6.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jbossws-cxf-0:5.1.10-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-narayana-0:5.5.31-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-picketlink-bindings-0:2.5.5-10.SP9_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-picketlink-federation-0:2.5.5-10.SP9_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-resteasy-0:3.0.25-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-undertow-0:1.4.18-4.SP2_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-undertow-jastow-0:2.0.3-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-wildfly-0:7.1.1-4.GA_redhat_2.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-wildfly-elytron-0:1.1.8-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-wildfly-http-client-0:1.0.9-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-wildfly-javadocs-0:7.1.1-3.GA_redhat_2.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-wss4j-0:2.1.11-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0480", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-xml-security-0:2.0.9-1.redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}, {"advisory": "RHSA-2018:0481", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7", "package": "eap7-jboss-ec2-eap-0:7.1.1-3.1.GA_redhat_3.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7", "release_date": "2018-03-12T00:00:00Z"}], "bugzilla": {"description": "resteasy: Vary header not added by CORS filter leading to cache poisoning", "id": "1483823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483823"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-345", "details": ["Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.", "It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."], "name": "CVE-2017-7561", "package_state": [{"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Will not fix", "package_name": "resteasy", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "resteasy", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2017-08-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-7561\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7561"], "threat_severity": "Moderate"}

{}