A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

redhat_unpatched resteasy: resteasy: Unpatched vulnerabilities

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1775 advisory.

  - A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions     prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that     integrates into the server's response. This flaw may result in an injection, which leads to unexpected     behavior when the HTTP response is constructed. (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1775 advisory.

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1775 advisory.

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Security fix for CVE-2020-1695

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3637 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3639 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory.

  - hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  - jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672, CVE-2020-10673)

  - dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

  - wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  - wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

  - wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

  - wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)

  - wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing     Denial of Service (CVE-2020-14307)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

  - Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2513 advisory.

  - mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2512 advisory.

  - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2511 advisory.

  - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
155318	Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2021-1775)	Nessus	Oracle Linux Local Security Checks	high
149748	CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2021:1775)	Nessus	CentOS Local Security Checks	high
149656	RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2021:1775)	Nessus	Red Hat Local Security Checks	high
143598	Fedora 32 : resteasy (2020-239503f5fa)	Nessus	Fedora Local Security Checks	high
143595	Fedora 33 : resteasy (2020-df970da9fc)	Nessus	Fedora Local Security Checks	high
140397	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 (RHSA-2020:3637)	Nessus	Red Hat Local Security Checks	critical
140392	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)	Nessus	Red Hat Local Security Checks	critical
140390	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)	Nessus	Red Hat Local Security Checks	critical
137334	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513)	Nessus	Red Hat Local Security Checks	critical
137333	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)	Nessus	Red Hat Local Security Checks	critical
137331	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2511)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2020-1695

high

Tenable Plugins

Coming Soon

high

high

high

high

high

critical

critical

critical

critical

critical

critical