Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:1775

Опубликовано: 18 мая 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System.

Security Fix(es):

  • resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
apache-commons-collectionsnoarch10.module+el8.3.0+53+ea062990apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm
apache-commons-langnoarch21.module+el8.3.0+53+ea062990apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm
apache-commons-netnoarch3.module+el8.3.0+53+ea062990apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm
bea-stax-apinoarch16.module+el8.3.0+53+ea062990bea-stax-api-1.2.0-16.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-fastinfosetnoarch9.module+el8.3.0+53+ea062990glassfish-fastinfoset-1.2.13-9.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-apinoarch8.module+el8.3.0+53+ea062990glassfish-jaxb-api-2.2.12-8.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-corenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-core-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-runtimenoarch11.module+el8.3.0+53+ea062990glassfish-jaxb-runtime-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
glassfish-jaxb-txw2noarch11.module+el8.3.0+53+ea062990glassfish-jaxb-txw2-2.2.11-11.module+el8.3.0+53+ea062990.noarch.rpm
jackson-annotationsnoarch1.module+el8.3.0+53+ea062990jackson-annotations-2.10.0-1.module+el8.3.0+53+ea062990.noarch.rpm

Показывать по

Связанные CVE

CVE-2020-1695

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-1695

CVSS3: 7.5
ubuntu
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

redhat логотип

CVE-2020-1695

CVSS3: 7.5
redhat
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

nvd логотип

CVE-2020-1695

CVSS3: 7.5
nvd
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

debian логотип

CVE-2020-1695

CVSS3: 7.5
debian
около 5 лет назад

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...

github логотип

GHSA-63cq-ppq8-cw6g

CVSS3: 7.5
github
около 3 лет назад

Improper Input Validation in RESTEasy