Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0481 advisory.

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)

  - undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)

  - infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)     (CVE-2017-15095)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)     (CVE-2017-17485)

  - undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)

  - jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and     CVE-2017-17485) (CVE-2018-5968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0480 advisory.

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)

  - undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)

  - infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)     (CVE-2017-15095)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)     (CVE-2017-17485)

  - undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)

  - jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and     CVE-2017-17485) (CVE-2018-5968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0479 advisory.

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)

  - undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)

  - infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)     (CVE-2017-15095)

  - jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)     (CVE-2017-17485)

  - undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)

  - jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and     CVE-2017-17485) (CVE-2018-5968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0004 advisory.

  - RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)

  - undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) (CVE-2017-7559)

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - undertow: improper whitespace parsing leading to potential HTTP request smuggling (CVE-2017-12165)

  - EAP-7: Wrong privileges on multiple property files (CVE-2017-12167)

  - jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for     CVE-2016-8656) (CVE-2017-12189)

  - Solr: Code execution via entity expansion (CVE-2017-12629)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0002 advisory.

  - RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)

  - undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) (CVE-2017-7559)

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - undertow: improper whitespace parsing leading to potential HTTP request smuggling (CVE-2017-12165)

  - EAP-7: Wrong privileges on multiple property files (CVE-2017-12167)

  - jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for     CVE-2016-8656) (CVE-2017-12189)

  - Solr: Code execution via entity expansion (CVE-2017-12629)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0005 advisory.

  - RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)

  - undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) (CVE-2017-7559)

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - undertow: improper whitespace parsing leading to potential HTTP request smuggling (CVE-2017-12165)

  - EAP-7: Wrong privileges on multiple property files (CVE-2017-12167)

  - jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for     CVE-2016-8656) (CVE-2017-12189)

  - Solr: Code execution via entity expansion (CVE-2017-12629)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
108325	RHEL 6 / 7 : jboss-ec2-eap package for EAP 7.1.1 (Important) (RHSA-2018:0481)	Nessus	Red Hat Local Security Checks	critical
108324	RHEL 7 : JBoss Enterprise Application Platform 7.1.1 for RHEL 7 (Important) (RHSA-2018:0480)	Nessus	Red Hat Local Security Checks	critical
108323	RHEL 6 : JBoss Enterprise Application Platform 7.1.1 on RHEL 6 (Important) (RHSA-2018:0479)	Nessus	Red Hat Local Security Checks	critical
105560	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 7 (Important) (RHSA-2018:0004)	Nessus	Red Hat Local Security Checks	critical
105559	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 6 (Important) (RHSA-2018:0002)	Nessus	Red Hat Local Security Checks	critical
105522	RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2018:0005)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2017-7561

high

Tenable Plugins

critical

critical

critical

critical

critical

critical