Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1704

CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning

    XMLWordPrintable

Details

    • Hide

      To reproduce, enable the CorsFilter using the instruction at [1], and send an HTTP request that includes both a Host and an Origin header, where the Origin should be different than the Host, and should be a value that is configured to be allowed by the CorsFilter. Inspect the response headers. A 'Vary: Origin' header should be in the response, but isn't.

      [1] https://stackoverflow.com/questions/29388937/problems-resteasy-3-09-corsfilter/29390508#29390508

      Show
      To reproduce, enable the CorsFilter using the instruction at [1] , and send an HTTP request that includes both a Host and an Origin header, where the Origin should be different than the Host, and should be a value that is configured to be allowed by the CorsFilter. Inspect the response headers. A 'Vary: Origin' header should be in the response, but isn't. [1] https://stackoverflow.com/questions/29388937/problems-resteasy-3-09-corsfilter/29390508#29390508

    Description

      CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning
      https://bugzilla.redhat.com/show_bug.cgi?id=1483823

      The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

      Resteasy versions >=3.0.7 are affected because they include the CORS Filter.

      Attachments

        1. CVE-2017-7561
          12 kB
          Jason Shepherd

        Activity

          People

            rhn-support-asoldano Alessio Soldano
            rhn-support-jshepher Jason Shepherd
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: