Lucene search

K
cveRedhatCVE-2020-1695
HistoryMay 19, 2020 - 3:15 p.m.

CVE-2020-1695

2020-05-1915:15:11
CWE-20
redhat
web.nvd.nist.gov
123
2
cve-2020-1695
resteasy
input validation
injection
http response

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.4%

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Affected configurations

Nvd
Vulners
Node
redhatresteasyRange3.0.03.12.0
OR
redhatresteasyRange4.0.04.6.0
Node
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
VendorProductVersionCPE
redhatresteasy*cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "resteasy",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "all resteasy 3.x.x versions prior to 3.12.0.Final"
      },
      {
        "status": "affected",
        "version": "all resteasy 4.x.x versions prior to 4.6.0.Final"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

44.4%