Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-1695

Опубликовано: 15 апр. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6resteasy-jaxrsOut of support scope
Red Hat BPM Suite 6resteasy-jaxrs-allOut of support scope
Red Hat Decision Manager 7resteasy-jaxrsNot affected
Red Hat Enterprise Linux 7resteasy-baseWill not fix
Red Hat JBoss BRMS 5resteasy-jaxrsOut of support scope
Red Hat JBoss Data Virtualization 6resteasy-jaxrsOut of support scope
Red Hat JBoss Data Virtualization 6resteasy-jaxrs-allOut of support scope
Red Hat JBoss Enterprise Application Platform 5resteasy-jaxrsOut of support scope
Red Hat JBoss Enterprise Application Platform 6resteasy-jaxrsOut of support scope
Red Hat JBoss Fuse 6resteasy-jaxrsOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1730462resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-1695

CVSS3: 7.5
ubuntu
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

nvd логотип

CVE-2020-1695

CVSS3: 7.5
nvd
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

debian логотип

CVE-2020-1695

CVSS3: 7.5
debian
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...

rocky логотип

RLSA-2021:1775

rocky
около 4 лет назад

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

github логотип

GHSA-63cq-ppq8-cw6g

CVSS3: 7.5
github
около 3 лет назад

Improper Input Validation in RESTEasy

EPSS

Процентиль: 45%
0.00224
Низкий

7.5 High

CVSS3

Уязвимость CVE-2020-1695