PT-2019-6418 · Red Hat+6 · Resteasy+7

Mirko Selber +1 · Published 2019-07-16 · Updated 2025-10-14 · CVE-2020-1695

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

resteasy versions 3.x.x prior to 3.12.0.Final
resteasy versions 4.x.x prior to 4.6.0.Final

Description

A flaw was found in resteasy where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. The issue is related to insufficient input validation, which can be exploited by a remote attacker to modify information.

Recommendations

For resteasy versions 3.x.x prior to 3.12.0.Final, update to version 3.12.0.Final or later.
For resteasy versions 4.x.x prior to 4.6.0.Final, update to version 4.6.0.Final or later.
As a temporary workaround, consider implementing proper input validation to prevent illegal headers from being integrated into the server's response.

Fix

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2022-7681
BDU:2024-01095
CESA-2021_1775
CVE-2020-1695
GHSA-63CQ-PPQ8-CW6G
MGASA-2021-0039
OESA-2022-1483
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
RHSA-2020:3637
RHSA-2020:3638
RHSA-2020:3639
RHSA-2021:1775
RHSA-2021_1775
RLSA-2021:1775
USN-7351-1
USN-7630-1

Affected products

Alt Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu
Resteasy