Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-1704

CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning

XMLWordPrintable

    • Hide

      To reproduce, enable the CorsFilter using the instruction at [1], and send an HTTP request that includes both a Host and an Origin header, where the Origin should be different than the Host, and should be a value that is configured to be allowed by the CorsFilter. Inspect the response headers. A 'Vary: Origin' header should be in the response, but isn't.

      [1] https://stackoverflow.com/questions/29388937/problems-resteasy-3-09-corsfilter/29390508#29390508

      Show
      To reproduce, enable the CorsFilter using the instruction at [1] , and send an HTTP request that includes both a Host and an Origin header, where the Origin should be different than the Host, and should be a value that is configured to be allowed by the CorsFilter. Inspect the response headers. A 'Vary: Origin' header should be in the response, but isn't. [1] https://stackoverflow.com/questions/29388937/problems-resteasy-3-09-corsfilter/29390508#29390508

      CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning
      https://bugzilla.redhat.com/show_bug.cgi?id=1483823

      The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

      Resteasy versions >=3.0.7 are affected because they include the CORS Filter.

        1. CVE-2017-7561
          12 kB

              rhn-support-asoldano Alessio Soldano
              rhn-support-jshepher Jason Shepherd
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: