CVE-2020-1695

Severity: 7.5 HIGH
EPSS: 0.8% (top 26.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 19; Latest update Jul 10

Description

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (5 packages)

NVD: redhat/resteasy, versions 3.0.0 up to (excluding) 3.12.0 (+1 more range)
Maven: org.jboss.resteasy:resteasy-client, versions 4.0.0 up to (excluding) 4.6.0 (+1 more range)
Ubuntu: resteasy, versions < 3.6.2-2ubuntu0.20.04.1~esm1 (+2 more ranges)
Debian: resteasy, versions 3.0 up to (excluding) 3.0.26-2 (+3 more ranges)
CVEListV5: red_hat/resteasy, all resteasy 3.x.x versions prior to 3.12.0.Final, all resteasy 4.x.x versions prior to 4.6.0.Final (+1 more range)

Also affects: Fedora 32, 33

Patches

Vulnerability Details (5)

OSV: resteasy vulnerabilities (2025-03-13)
OSV: Improper Input Validation in RESTEasy (2022-05-24)
GHSA: Improper Input Validation in RESTEasy (2022-05-24)
CVEList: CVE-2020-1695: A flaw was found in all resteasy 3 (2020-05-19)
OSV: CVE-2020-1695: A flaw was found in all resteasy 3 (2020-05-19)

Vendor Advisories (5)

Ubuntu: RESTEasy vulnerabilities (2025-07-10)
Ubuntu: RESTEasy vulnerabilities (2025-03-13)
Red Hat: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (2020-04-15)
Oracle: Oracle Construction and Engineering Risk Matrix: Mobile (Mobile Application Framework) — CVE-2012-1695 (2020-01-15)
Debian: CVE-2020-1695: resteasy - A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all re... (2020)

Community (3)

Bugzilla: CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class [fedora-all] (2020-06-09)
Bugzilla: CVE-2020-2103 jenkins: Exposed session identifiers on user detail object in the whoAmI diagnostic page (2020-01-31)
Bugzilla: CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (2019-07-16)

Source: cvebase.io