CVE-2017-7561
HIGHRed Hat JBoss EAP <4.0.0.Beta1 - SSRF
Title source: llmDescription
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
Exploits (2)
nomisec
WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-7561-Resteasy-vulnerable
nomisec
WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-7561-Resteasy-vulnerable
References (10)
Scores
CVSS v3
7.5
EPSS
0.0107
EPSS Percentile
77.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-346
CWE-444
Status
published
Products (16)
org.jboss.resteasy/resteasy-jaxrs
3.0.7.Final - 3.0.25.FinalMaven
redhat/jboss_enterprise_application_platform
3.0.7
redhat/jboss_enterprise_application_platform
3.0.8
redhat/jboss_enterprise_application_platform
3.1.0
redhat/jboss_enterprise_application_platform
3.1.1
redhat/jboss_enterprise_application_platform
3.1.2
redhat/jboss_enterprise_application_platform
3.1.4
redhat/jboss_enterprise_application_platform
3.1.5
redhat/jboss_enterprise_application_platform
3.2.3
redhat/jboss_enterprise_application_platform
3.2.4
... and 6 more
Published
Sep 13, 2017
Tracked Since
Feb 18, 2026