-
Bug
-
Resolution: Done
-
Major
-
3.1.4.Final
-
None
CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning
https://bugzilla.redhat.com/show_bug.cgi?id=1483823
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
Resteasy versions >=3.0.7 are affected because they include the CORS Filter.