vulnerability
Red Hat JBoss EAP: CVE-2017-7561: Origin Validation Error
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Aug 22, 2017 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 22, 2017
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
Solution
red-hat-jboss-eap-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.