CVE-2017-7561

HIGH

Red Hat JBoss EAP <4.0.0.Beta1 - SSRF

Title source: llm

Description

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

Exploits (1)

nomisec WORKING POC

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2017-7561-Resteasy-vulnerable

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100465

[Patch, Vendor Advisory] https://issues.jboss.org/browse/RESTEASY-1704

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0002

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0003

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0004

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0005

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0478

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0479

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0480

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2018:0481

Scores

CVSS v3 7.5

EPSS 0.0107

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346 CWE-444

Status draft

Affected Products (15)

redhat/jboss_enterprise_application_platform

org.jboss.resteasy/resteasy-jaxrs < 3.0.25.FinalMaven

Timeline

Published Sep 13, 2017

Tracked Since Feb 18, 2026