CVE-2017-7561

Published Sep 13, 2017

Last updated 5 years ago

CVSS high 7.5

Overview

Description: Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-444
secalert@redhat.com: CWE-346

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25033CDC-E3CA-47D6-B1BB-6838D9DCAF8A"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D7CB4CB-4143-4FC1-970C-D102BA119B38"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F498215-6D52-4F74-A8ED-D151DA1E09E9"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCEB4E47-CE89-437D-BA89-4FC163F6BDE9"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B8683E0-C5FF-4D6A-8079-08E822733B41"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "926A7B4B-54B3-4E58-A66E-1DBD6246F657"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDF85FD4-6231-4554-AF41-D3EEA2D56466"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5C8C145-1E87-44FA-881E-7EF9F737AF50"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AED9028C-999D-4658-91FD-9083E822CADF"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94E9BAD1-3484-4758-A3FC-D42F963A5A06"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E65D0A95-B2C2-4708-B0FB-8D3100FD522B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04F3E403-66B7-4E23-9B9D-E6BB2F7D56C4"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BC3A3D4-CB51-40AA-9267-5D723DC71421"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "431D16DC-F569-4CA9-8BF2-9CB7E3D2856D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References