PT-2017-3950 · Red Hat · Red Hat JBoss EAP

Jason Shepherd · Published 2017-09-13 · Updated 2022-05-13 · CVE-2017-7561

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Red Hat JBoss EAP versions 3.0.7 through 3.0.25.Final
Red Hat JBoss EAP version 3.5.0.CR1
Red Hat JBoss EAP version 4.0.0.Beta1

Description

The issue stems from inconsistent interpretation of HTTP requests in the JAX-RS component, which a remote attacker can exploit to compromise data integrity. This can result in server-side cache poisoning or unintended CORS requests.

Recommendations

For Red Hat JBoss EAP versions 3.0.7 through 3.0.25.Final, version 3.5.0.CR1, and version 4.0.0.Beta1, consider updating to a version outside of the affected ranges to mitigate the risk. As a temporary workaround, consider restricting access to the JAX-RS component to minimize the risk of exploitation.

Fix

Weakness Enumeration

Origin Validation Error
HTTP Request/Response Smuggling

Related Identifiers

BDU:2020-02915
CVE-2017-7561
GHSA-57Q5-X8JF-G7H8
RHSA-2018:0002
RHSA-2018:0004
RHSA-2018:0005
RHSA-2018:0479
RHSA-2018:0480
RHSA-2018:0481

Affected Products

Red Hat JBoss EAP