Fluid Attacks Database

Description

Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jboss.resteasy:resteasy-jaxrs	>=3.0.7.final <3.0.25.final \|\| =3.1.4.final \|\| >=3.1.4.final <3.5.0.cr1	3.0.25.final, 3.5.0.cr1
maven	org.jboss.resteas:resteasy-jaxrs	>=3.0.7.final <=3.0.24.final \|\| =3.1.4.final	3.0.25.final, 3.5.0.cr1
debian 13	resteasy3.0	>=0 <3.0.26-1	3.0.26-1
debian 11	resteasy3.0	>=0 <3.0.26-1	3.0.26-1
debian 14	resteasy3.0	>=0 <3.0.26-1	3.0.26-1
debian 12	resteasy3.0	>=0 <3.0.26-1	3.0.26-1

Aliases

1. CVE-2017-75612. NVD-2017-75613. OSV-2017-75614. OSV-DEBIAN-2017-75615. GHSA-57q5-x8jf-g7h86. GCVE-2017-75617. access.redhat.com8. access.redhat.com9. access.redhat.com10. access.redhat.com11. access.redhat.com12. access.redhat.com13. access.redhat.com14. access.redhat.com15. SECURITY-TRACKER-CVE-2017-7561

References

1. https://issues.jboss.org/browse/RESTEASY-17042. https://github.com/dawetmaster/CVE-2017-7561-Resteasy-vulnerable