CVE-2020-1695

HIGH

Redhat Resteasy < 3.12.0 - Improper Input Validation

Title source: rule

Description

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in an illegal header being returned and integrated into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2020-1695-Resteasy-vulnerable
nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2020-1695-Resteasy-vulnerable

Scores

CVSS v3 7.5
EPSS 0.0039
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (4)
fedoraproject/fedora 32
fedoraproject/fedora 33
org.jboss.resteasy/resteasy-client 4.0.0 - 4.6.0 (Maven)
redhat/resteasy 3.0.0 - 3.12.0
Published May 19, 2020
Tracked Since Feb 18, 2026