Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2017-7561

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

Published: Sep 13, 2017
Updated: Nov 9, 2025
CVE: CVE-2017-7561
GHSA: GHSA-57q5-x8jf-g7h8
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	3.0.7	3.0.7.x
redhat / jboss_enterprise_application_platform	3.0.8	3.0.8.x
redhat / jboss_enterprise_application_platform	3.1.0	3.1.0.x
redhat / jboss_enterprise_application_platform	3.1.1	3.1.1.x
redhat / jboss_enterprise_application_platform	3.1.2	3.1.2.x
redhat / jboss_enterprise_application_platform	3.1.4	3.1.4.x
redhat / jboss_enterprise_application_platform	3.1.5	3.1.5.x
redhat / jboss_enterprise_application_platform	3.2.3	3.2.3.x
redhat / jboss_enterprise_application_platform	3.2.4	3.2.4.x
redhat / jboss_enterprise_application_platform	3.2.5	3.2.5.x
redhat / jboss_enterprise_application_platform	3.2.9	3.2.9.x
redhat / jboss_enterprise_application_platform	3.2.13	3.2.13.x
redhat / jboss_enterprise_application_platform	3.3.0	3.3.0.x
redhat / jboss_enterprise_application_platform	3.5.1	3.5.1.x
org.jboss.resteas / resteasy-jaxrs	3.0.7.Final	3.0.25.Final
org.jboss.resteas / resteasy-jaxrs	3.1.4.Final	3.1.4.final.x
org.jboss.resteas / resteasy-jaxrs	3.1.4.Final	3.5.0.CR1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime