製品・ソフトウェアに関する情報

JVN脆弱性詳細

Red Hat JBoss EAP におけるデータ処理に関する脆弱性

Title	Red Hat JBoss EAP におけるデータ処理に関する脆弱性
Summary	Red Hat JBoss EAP には、データ処理に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 25, 2017, midnight
Registration Date	Oct. 17, 2017, 4:57 p.m.
Last Update	Oct. 17, 2017, 4:57 p.m.

Affected System

レッドハット

JBoss Enterprise Application Platform

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-7561	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561
National Vulnerability Database (NVD)
2	CVE-2017-7561	https://nvd.nist.gov/vuln/detail/CVE-2017-7561

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-19	https://cwe.mitre.org/data/definitions/19.html

ベンダー情報

No	Name	URL
JBoss
1	RESTEASY-1704	https://issues.jboss.org/browse/RESTEASY-1704

Change Log

No	Changed Details	Date of change
0	[2017年10月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-7561

Summary	Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
Publication Date	Sept. 14, 2017, 2:29 a.m.
Registration Date	Jan. 26, 2021, 1:28 p.m.
Last Update	Nov. 21, 2024, 12:32 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/100465	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/100465	Third Party Advisory VDB Entry
3	https://access.redhat.com/errata/RHSA-2018:0002
4	https://access.redhat.com/errata/RHSA-2018:0002
5	https://access.redhat.com/errata/RHSA-2018:0003
6	https://access.redhat.com/errata/RHSA-2018:0003
7	https://access.redhat.com/errata/RHSA-2018:0004
8	https://access.redhat.com/errata/RHSA-2018:0004
9	https://access.redhat.com/errata/RHSA-2018:0005
10	https://access.redhat.com/errata/RHSA-2018:0005
11	https://access.redhat.com/errata/RHSA-2018:0478
12	https://access.redhat.com/errata/RHSA-2018:0478
13	https://access.redhat.com/errata/RHSA-2018:0479
14	https://access.redhat.com/errata/RHSA-2018:0479
15	https://access.redhat.com/errata/RHSA-2018:0480
16	https://access.redhat.com/errata/RHSA-2018:0480
17	https://access.redhat.com/errata/RHSA-2018:0481
18	https://access.redhat.com/errata/RHSA-2018:0481
19	https://issues.jboss.org/browse/RESTEASY-1704	Patch Vendor Advisory
20	https://issues.jboss.org/browse/RESTEASY-1704	Patch Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-444	HTTP リクエストスマグリング	https://cwe.mitre.org/data/definitions/444.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:::::::*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:::::::*