Bug 1172141 – VUL-0: CVE-2020-1695: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

Bug 1172141 - (CVE-2020-1695) VUL-0: CVE-2020-1695: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class

(CVE-2020-1695)
Summary:	VUL-0: CVE-2020-1695: resteasy: Improper validation of response header in Med...

Status:	NEW

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security
Version:	Current
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	Current
Assigned To:	Sasi Olin
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/257120/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-05-26 15:39 UTC by Alexandros Toptsoglou
Modified:	2020-05-26 16:00 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2020-05-26 15:39:54 UTC

rh#1730462

A flaw was found in resteasy before 4.1.1. An improper input validation in MediaTypeHeaderDelegate.java class results in the class returning an illegal header that will be then integrated in the server's response.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
https://bugzilla.redhat.com/show_bug.cgi?id=1730462
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1695
https://access.redhat.com/errata/RHSA-2020:2112
https://access.redhat.com/security/cve/CVE-2020-1695
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-1695.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695