Vulnerability Details CVE-2020-1695
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/
Products affected by CVE-2020-1695
-
cpe:2.3:a:redhat:resteasy:3.0.0
-
cpe:2.3:a:redhat:resteasy:3.0.1
-
cpe:2.3:a:redhat:resteasy:3.0.10
-
cpe:2.3:a:redhat:resteasy:3.0.11
-
cpe:2.3:a:redhat:resteasy:3.0.12
-
cpe:2.3:a:redhat:resteasy:3.0.13
-
cpe:2.3:a:redhat:resteasy:3.0.14
-
cpe:2.3:a:redhat:resteasy:3.0.15
-
cpe:2.3:a:redhat:resteasy:3.0.16
-
cpe:2.3:a:redhat:resteasy:3.0.17
-
cpe:2.3:a:redhat:resteasy:3.0.18
-
cpe:2.3:a:redhat:resteasy:3.0.19
-
cpe:2.3:a:redhat:resteasy:3.0.2
-
cpe:2.3:a:redhat:resteasy:3.0.20
-
cpe:2.3:a:redhat:resteasy:3.0.21
-
cpe:2.3:a:redhat:resteasy:3.0.22
-
cpe:2.3:a:redhat:resteasy:3.0.23
-
cpe:2.3:a:redhat:resteasy:3.0.24
-
cpe:2.3:a:redhat:resteasy:3.0.25
-
cpe:2.3:a:redhat:resteasy:3.0.26
-
cpe:2.3:a:redhat:resteasy:3.0.4
-
cpe:2.3:a:redhat:resteasy:3.0.5
-
cpe:2.3:a:redhat:resteasy:3.0.6
-
cpe:2.3:a:redhat:resteasy:3.0.7
-
cpe:2.3:a:redhat:resteasy:3.0.8
-
cpe:2.3:a:redhat:resteasy:3.0.9
-
cpe:2.3:a:redhat:resteasy:3.1.0
-
cpe:2.3:a:redhat:resteasy:3.1.1
-
cpe:2.3:a:redhat:resteasy:3.1.2
-
cpe:2.3:a:redhat:resteasy:3.1.3
-
cpe:2.3:a:redhat:resteasy:3.1.4
-
cpe:2.3:a:redhat:resteasy:3.10.0
-
cpe:2.3:a:redhat:resteasy:3.11.0
-
cpe:2.3:a:redhat:resteasy:3.11.1
-
cpe:2.3:a:redhat:resteasy:3.11.2
-
cpe:2.3:a:redhat:resteasy:3.11.3
-
cpe:2.3:a:redhat:resteasy:3.5.0
-
cpe:2.3:a:redhat:resteasy:3.5.1
-
cpe:2.3:a:redhat:resteasy:3.6.0
-
cpe:2.3:a:redhat:resteasy:3.6.1
-
cpe:2.3:a:redhat:resteasy:3.6.2
-
cpe:2.3:a:redhat:resteasy:3.6.3
-
cpe:2.3:a:redhat:resteasy:3.7.0
-
cpe:2.3:a:redhat:resteasy:3.8.0
-
cpe:2.3:a:redhat:resteasy:3.8.1
-
cpe:2.3:a:redhat:resteasy:3.9.0
-
cpe:2.3:a:redhat:resteasy:3.9.1
-
cpe:2.3:a:redhat:resteasy:3.9.2
-
cpe:2.3:a:redhat:resteasy:3.9.3
-
cpe:2.3:a:redhat:resteasy:4.0.0
-
cpe:2.3:a:redhat:resteasy:4.0.6
-
cpe:2.3:a:redhat:resteasy:4.1.0
-
cpe:2.3:a:redhat:resteasy:4.1.1
-
cpe:2.3:a:redhat:resteasy:4.2.0
-
cpe:2.3:a:redhat:resteasy:4.3.0
-
cpe:2.3:a:redhat:resteasy:4.3.1
-
cpe:2.3:a:redhat:resteasy:4.4.0
-
cpe:2.3:a:redhat:resteasy:4.4.1
-
cpe:2.3:a:redhat:resteasy:4.4.2
-
cpe:2.3:a:redhat:resteasy:4.4.3
-
cpe:2.3:a:redhat:resteasy:4.5.0
-
cpe:2.3:a:redhat:resteasy:4.5.1
-
cpe:2.3:a:redhat:resteasy:4.5.10
-
cpe:2.3:a:redhat:resteasy:4.5.11
-
cpe:2.3:a:redhat:resteasy:4.5.12
-
cpe:2.3:a:redhat:resteasy:4.5.2
-
cpe:2.3:a:redhat:resteasy:4.5.3
-
cpe:2.3:a:redhat:resteasy:4.5.4
-
cpe:2.3:a:redhat:resteasy:4.5.5
-
cpe:2.3:a:redhat:resteasy:4.5.6
-
cpe:2.3:a:redhat:resteasy:4.5.7
-
cpe:2.3:a:redhat:resteasy:4.5.8
-
cpe:2.3:a:redhat:resteasy:4.5.9
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33