Candidate: CVE-2017-7561
PublicDate: 2017-09-13 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561
 https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1539
Description:
 Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to
 a server-side cache poisoning or CORS requests in the JAX-RS component
 resulting in a moderate impact.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1483823
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_resteasy:
upstream_resteasy: released (3.6.2-1)
precise/esm_resteasy: DNE
trusty_resteasy: DNE
trusty/esm_resteasy: DNE
vivid/ubuntu-core_resteasy: DNE
xenial_resteasy: not-affected (code not present)
zesty_resteasy: ignored (reached end-of-life)
artful_resteasy: ignored (reached end-of-life)
bionic_resteasy: DNE
cosmic_resteasy: DNE
disco_resteasy: not-affected (3.6.2-1)
eoan_resteasy: not-affected (3.6.2-1)
focal_resteasy: not-affected (3.6.2-1)
groovy_resteasy: not-affected (3.6.2-1)
hirsute_resteasy: not-affected (3.6.2-1)
impish_resteasy: not-affected (3.6.2-1)
jammy_resteasy: not-affected (3.6.2-1)
devel_resteasy: not-affected (3.6.2-1)

Patches_resteasy3.0:
upstream_resteasy3.0: released (3.0.26-1)
precise/esm_resteasy3.0: DNE
trusty_resteasy3.0: DNE
trusty/esm_resteasy3.0: DNE
xenial_resteasy3.0: DNE
bionic_resteasy3.0: needed
cosmic_resteasy3.0: ignored (reached end-of-life)
disco_resteasy3.0: not-affected (3.0.26-1)
eoan_resteasy3.0: not-affected (3.0.26-1)
focal_resteasy3.0: not-affected (3.0.26-1)
groovy_resteasy3.0: not-affected (3.0.26-1)
hirsute_resteasy3.0: not-affected (3.0.26-1)
impish_resteasy3.0: not-affected (3.0.26-1)
jammy_resteasy3.0: not-affected (3.0.26-1)
devel_resteasy3.0: not-affected (3.0.26-1)