Description
Red Hat JBoss EAP, in the RESTEasy (JAX-RS) component from version 3.0.7 up to but not including 4.0.0.Beta1, is vulnerable to server-side cache poisoning of CORS responses, with a moderate impact.
It was discovered that the CORS filter did not add an HTTP Vary header indicating that the response varies depending on the Origin request header. Because a cache that sees no Vary keys the entry on the URL alone, a response generated for one Origin (or for a request with no Origin at all) can be stored and then served to requests from a different Origin. This permitted client- and server-side cache poisoning in some circumstances.
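The mechanism above, as an added example that is not RESTEasy's or Red Hat's code: a toy origin-allow-listing CORS filter in its vulnerable form (no Vary) and its fixed form (Vary: Origin), a minimal shared cache that honours Vary, and an audit check a practitioner can run over captured response headers. The allow-list, the URL and the origin names are assumptions for the illustration; the page does not show the real filter's configuration.

```python
"""Added example, not RESTEasy's own code: a toy JAX-RS style CORS filter in
its vulnerable (no Vary) and fixed (Vary: Origin) forms, plus a shared cache
that honours Vary, to show why omitting the header lets a response generated
for one Origin be served to requests from another."""
from typing import Callable, Dict, List, Tuple

# Assumed allow-list for the illustration only; the real configuration is not on the page.
ALLOWED_ORIGINS = {"https://app.example", "https://partner.example"}

Headers = Dict[str, str]


def cors_filter(request: Headers, add_vary: bool) -> Headers:
    """Build response headers the way an origin-allow-listing CORS filter does.

    add_vary=False reproduces the defect in the advisory: the response changes
    with the Origin header but never says so. add_vary=True is the fix.
    """
    response = {"Content-Type": "application/json"}
    origin = request.get("Origin")
    if origin in ALLOWED_ORIGINS:
        response["Access-Control-Allow-Origin"] = origin
        response["Access-Control-Allow-Credentials"] = "true"
    if add_vary:
        response["Vary"] = "Origin"
    return response


class SharedCache:
    """Minimal proxy/CDN-style cache: a stored entry is reused only if every
    request header named in that entry's Vary matches the current request
    (simplified RFC 9111 semantics). With no Vary, the first entry matches all."""

    def __init__(self) -> None:
        self._entries: Dict[str, List[Tuple[Headers, Headers]]] = {}

    def fetch(self, url: str, request: Headers,
              origin_server: Callable[[Headers], Headers]) -> Tuple[Headers, bool]:
        req = {k.lower(): v for k, v in request.items()}
        for selecting, cached in self._entries.get(url, []):
            if all(req.get(name, "") == value for name, value in selecting.items()):
                return cached, True  # cache hit
        response = origin_server(request)
        vary_names = [n.strip().lower() for n in response.get("Vary", "").split(",") if n.strip()]
        selecting = {name: req.get(name, "") for name in vary_names}
        self._entries.setdefault(url, []).append((selecting, response))
        return response, False  # cache miss, entry stored


def poisoned_origin(add_vary: bool) -> str:
    """Warm the cache from one allowed origin, then request the same URL from
    another allowed origin and return the Access-Control-Allow-Origin the
    second client actually receives. Correct behaviour is the second client's
    own origin; without Vary it gets the first client's, so its CORS check fails."""
    cache = SharedCache()

    def server(req: Headers) -> Headers:
        return cors_filter(req, add_vary)

    cache.fetch("/api/profile", {"Origin": "https://partner.example"}, server)
    served, _hit = cache.fetch("/api/profile", {"Origin": "https://app.example"}, server)
    return served.get("Access-Control-Allow-Origin", "")


def vary_covers_origin(response: Headers) -> bool:
    """Audit check for captured responses: a per-origin Access-Control-Allow-Origin
    must be paired with Vary: Origin (a literal '*' does not vary and needs none)."""
    acao = response.get("Access-Control-Allow-Origin")
    if acao is None or acao == "*":
        return True
    vary = {v.strip().lower() for v in response.get("Vary", "").split(",")}
    return "origin" in vary or "*" in vary


if __name__ == "__main__":
    print("without Vary, app.example receives ACAO =", poisoned_origin(False))
    print("with Vary: Origin, app.example receives ACAO =", poisoned_origin(True))
```

Run stand-alone it prints the partner origin for the vulnerable filter and the requester's own origin for the fixed one; `vary_covers_origin` is the check to apply to real responses from a deployment, and it flags the vulnerable filter's output while passing the fixed one.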
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | resteasy | Will not fix | | |
| Red Hat JBoss Data Grid 7 | resteasy | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | resteasy | Not affected | | |
| Red Hat JBoss Fuse 6 | resteasy | Will not fix | | |
| Red Hat JBoss Operations Network 3 | resteasy | Not affected | | |
| Red Hat OpenShift Application Runtimes | resteasy | Not affected | | |
| Red Hat Single Sign-On 7 | resteasy | Not affected | | |
| Red Hat JBoss EAP 7 | resteasy | Fixed | RHSA-2018:0003 | 2018-01-03 |
| Red Hat JBoss EAP 7 | resteasy | Fixed | RHSA-2018:0478 | 2018-03-12 |
| Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 | eap7-activemq-artemis | Fixed | RHSA-2018:0002 | 2018-01-03 |
Additional information
Status:
EPSS:
CVSS3: 5.9 (Medium)
Related vulnerabilities
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
A JBoss platform vulnerability caused by inconsistent interpretation of HTTP requests, allowing an attacker to violate data integrity
EPSS:
CVSS3: 5.9 (Medium)