Red Hat JBoss EAP version 3.0.7 through 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component result ing in a moderate impact.