Description
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| resteasy | fixed | 3.6.2-1 | | package |
| resteasy | not-affected | | jessie | package |
| resteasy3.0 | fixed | 3.0.26-1 | | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1483823
https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
Fixed in 4.0.0.Beta1, 3.0.25.Final, 3.5.0.CR1
EPSS
Related vulnerabilities
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
A vulnerability in the JBoss platform related to inconsistent interpretation of HTTP requests, allowing an attacker to compromise data integrity