Description
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2017-1097.html
http://www.securityfocus.com/bid/97964
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638
https://github.com/infinispan/infinispan/pull/4936/commits
https://issues.jboss.org/browse/ISPN-7485
Related Vulnerabilities
CVE-2016-1000031 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2020-1745 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-10309 Vulnerability in maven package org.jenkins-ci.plugins:swarm
CVE-2017-7675 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core