Improper Input Validation

2020-05-2706:30:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

resteasy-jaxrs is vulnerble to improper input validation. The attack exists because it does not properly handle the response headers in MediaTypeHeaderDelegate.java, leading to a return of an illegal header to be integrated in the server’s response.

CPENameOperatorVersion
resteasy jax-rs implementationle3.11.2.Final
eap7-stax2-apieq3.1.4__3.redhat_1.1.ep7.el6
eap7-stax2-apieq3.1.4__6.redhat_2.1.el6eap
eap7-stax2-apieq3.1.4__6.redhat_2.1.el7eap
eap7-stax2-apieq3.1.4__6.redhat_2.1.el8eap
eap7-stax2-apieq3.1.4__3.redhat_1.1.ep7.el7
eap7-jackson-databindeq2.9.9.3__1.redhat_00001.1.el6eap
eap7-jackson-databindeq2.9.9.3__1.redhat_00001.1.el8eap
eap7-jackson-databindeq2.8.11__1.redhat_1.1.ep7.el6
eap7-jackson-databindeq2.9.10.2__1.redhat_00001.1.el7eap

Name	Operator	Version
resteasy jax-rs implementation	le	3.11.2.Final
eap7-stax2-api	eq	3.1.4__3.redhat_1.1.ep7.el6
eap7-stax2-api	eq	3.1.4__6.redhat_2.1.el6eap
eap7-stax2-api	eq	3.1.4__6.redhat_2.1.el7eap
eap7-stax2-api	eq	3.1.4__6.redhat_2.1.el8eap
eap7-stax2-api	eq	3.1.4__3.redhat_1.1.ep7.el7
eap7-jackson-databind	eq	2.9.9.3__1.redhat_00001.1.el6eap
eap7-jackson-databind	eq	2.9.9.3__1.redhat_00001.1.el8eap
eap7-jackson-databind	eq	2.8.11__1.redhat_1.1.ep7.el6
eap7-jackson-databind	eq	2.9.10.2__1.redhat_00001.1.el7eap