CVE-2020-1695

Description

A flaw was found in all RESTEasy 3.x.x versions prior to 3.12.0.Final and all RESTEasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in an illegal header being returned and integrated into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 0.751

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-1695 are fixed in JBoss-resteasy-client 4.6.0 | Windows
Vulnerabilities CVE-2020-1695 are fixed in JBoss-resteasy-client 3.12.0 | Windows
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-debugsource-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-acme-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-base-java-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-ca-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-core-debugsource-10.10.5-2.module+el8.4.0+10466+9830f79e.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-kra-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-server-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-symkey-10.10.5-2.module+el8.4.0+10466+9830f79e.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update pki-tools-10.10.5-2.module+el8.4.0+10466+9830f79e.x86_64.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update python3-pki-10.10.5-2.module+el8.4.0+10466+9830f79e.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update resteasy-3.0.26-6.module+el8.4.0+8891+bb8828ef.noarch.rpm | Linux
(RHSA-2021:1775) pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) slf4j-1.7.25-4.module+el8.5.0+697+f586bb30.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) velocity-1.7-24.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) xalan-j2-2.7.1-38.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) javassist-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) xerces-j2-2.11.0-34.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) javassist-javadoc-3.18.1-8.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) apache-commons-net-3.6-3.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) apache-commons-lang-2.6-21.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) xml-commons-resolver-1.2-26.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) apache-commons-collections-3.2.2-10.module+el8.3.0+53+ea062990.noarch.rpm | Linux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (RLSA-2021:1775) jakarta-commons-httpclient-3.1-28.module+el8.3.0+53+ea062990.noarch.rpm | Linux
RESTEasy -- Framework for RESTful Web services and Java applications (USN-7351-1) libresteasy-java_3.6.2-2ubuntu0.24.10.1_all.deb | Linux
Vulnerabilities CVE-2020-1695 are fixed in JBoss-resteasy-client for Linux 4.6.0 | Linux
Vulnerabilities CVE-2020-1695 are fixed in JBoss-resteasy-client for Linux 3.12.0 | Linux
A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy-java_3.6.2-3ubuntu0.25.04.1_all.deb | Linux
A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-3ubuntu0.1_all.deb | Linux
A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.04.1_all.deb | Linux
A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.10.1_all.deb | Linux
A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.25.04.1_all.deb | Linux

