PT-2019-6418 · Red Hat (+6) · RESTEasy (+7)

Mirko Selber (+1) · Published 2019-07-16 · Updated 2025-10-14 · CVE-2020-1695

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

RESTEasy 3.x.x prior to 3.12.0.Final
RESTEasy 4.x.x prior to 4.6.0.Final
Description

A flaw was found in RESTEasy where improper input validation lets an illegal header value be returned in the server's response. Because the value is copied into the response as-is, it can inject content into the headers and cause unexpected behaviour while the HTTP response is being constructed. The root cause is insufficient validation of header values; a remote, unauthenticated attacker can exploit it to modify information in the response. The CVSS vector (C:N/I:C/A:N) reflects that the impact is to integrity only: confidentiality and availability are not affected.
Recommendations

For RESTEasy 3.x.x prior to 3.12.0.Final, update to 3.12.0.Final or later. For RESTEasy 4.x.x prior to 4.6.0.Final, update to 4.6.0.Final or later. As a temporary workaround, validate header values before they are written to the response and refuse any that are not legal HTTP field-values (in particular values containing CR, LF or other control characters), so that an illegal header can never be integrated into the server's response.
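The workaround above, validating every header value before it is written, as an added example in Java against the JAX-RS 2.x `javax.ws.rs` API that RESTEasy 3.x and 4.x implement. This is illustrative code written for this page, not code from the RESTEasy project or from the advisory; the class name `HeaderValueGuard`, the choice to answer with a 400, and the constructed header strings checked in `main` are this example's own assumptions.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

/**
 * Added example (not RESTEasy project code): a JAX-RS response filter that
 * runs after the resource method and refuses to let any response header
 * leave the server unless its value is a legal RFC 7230 field-value.
 * The class name and the 400 response are this example's own choices.
 */
@Provider
public class HeaderValueGuard implements ContainerResponseFilter {

    /**
     * RFC 7230 section 3.2: a field-value may contain VCHAR (0x21-0x7E), SP,
     * HTAB and obs-text (0x80-0xFF). Anything else is illegal; CR and LF in
     * particular end the header line and would let an attacker append
     * headers or a body of their choosing. Returns true only for legal values.
     */
    static boolean isLegalFieldValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == ' ' || c == '\t') {
                continue;
            }
            if (c >= 0x21 && c <= 0x7E) {
                continue;
            }
            if (c >= 0x80 && c <= 0xFF) {
                continue; // obs-text
            }
            return false; // CR, LF, NUL, other controls, non-Latin-1 characters
        }
        return true;
    }

    @Override
    public void filter(ContainerRequestContext request,
                       ContainerResponseContext response) throws IOException {
        MultivaluedMap<String, Object> headers = response.getHeaders();
        for (Map.Entry<String, List<Object>> entry : headers.entrySet()) {
            for (Object raw : entry.getValue()) {
                // Non-String header objects (MediaType, etc.) are rendered by
                // their HeaderDelegate at write time; toString() gives the same
                // form for the built-in JAX-RS types, which is what is checked.
                String value = raw == null ? "" : raw.toString();
                if (!isLegalFieldValue(value)) {
                    reject(response, entry.getKey());
                    return;
                }
            }
        }
    }

    /** Fail closed: drop every header and answer with a fixed, safe response. */
    private static void reject(ContainerResponseContext response, String headerName) {
        MultivaluedMap<String, Object> headers = response.getHeaders();
        headers.clear();
        headers.putSingle("Content-Type", MediaType.TEXT_PLAIN);
        // 400 because the illegal value originated in the request; the value
        // itself is deliberately not echoed back.
        response.setStatus(Response.Status.BAD_REQUEST.getStatusCode());
        response.setEntity("Response header '" + headerName + "' rejected: illegal value");
    }

    /** Stand-alone self-check on constructed header values; needs no server. */
    public static void main(String[] args) {
        String[] legal = { "text/html; charset=UTF-8", "no-cache", "caf\u00e9" };
        String[] illegal = { "text/html\r\nSet-Cookie: session=attacker", "a\nb", "x\u0000y" };
        for (String v : legal) {
            if (!isLegalFieldValue(v)) throw new AssertionError("legal value rejected: " + v);
        }
        for (String v : illegal) {
            if (isLegalFieldValue(v)) throw new AssertionError("illegal value accepted: " + v);
        }
        System.out.println("header value checks passed");
    }
}
```

Register the filter through `Application#getClasses()` or RESTEasy's provider scanning so it applies to every resource. It is a generic defence-in-depth layer: it does not reproduce the specific code path fixed in 3.12.0.Final and 4.6.0.Final, it only sees headers set through the JAX-RS response (not ones written directly on the servlet `HttpServletResponse`), and it is no substitute for upgrading.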

Tags

Fix


Weakness Enumeration

Related Identifiers

ALT-PU-2022-7681
BDU:2024-01095
CESA-2021_1775
CVE-2020-1695
GHSA-63cq-ppq8-cw6g
MGASA-2021-0039
OESA-2022-1483
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513
RHSA-2020:3637
RHSA-2020:3638
RHSA-2020:3639
RHSA-2021:1775
RLSA-2021:1775
USN-7351-1
USN-7630-1

Affected Products

ALT Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu
RESTEasy