{"api_version":"1","generated_at":"2026-04-23T02:35:31+00:00","cve":"CVE-2020-1695","urls":{"html":"https://cve.report/CVE-2020-1695","api":"https://cve.report/api/cve/CVE-2020-1695.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1695","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1695"},"summary":{"title":"CVE-2020-1695","description":"A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-05-19 15:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/","name":"FEDORA-2020-239503f5fa","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: resteasy-3.0.26-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"1730462 – (CVE-2020-1695) CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/","name":"FEDORA-2020-df970da9fc","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: resteasy-3.0.26-6.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/","name":"FEDORA-2020-239503f5fa","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 32 Update: resteasy-3.0.26-6.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/","name":"FEDORA-2020-df970da9fc","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: resteasy-3.0.26-6.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1695","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1695","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1695","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1695","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1695","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"resteasy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1695","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"resteasy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-1695","qid":"159457","title":"Oracle Enterprise Linux Security Update for pki-core:10.6 and pki-deps:10.6 (ELSA-2021-1775)"},{"cve":"CVE-2020-1695","qid":"239305","title":"Red Hat Update for pki-core:10.6 and pki-deps:10.6 (RHSA-2021:1775)"},{"cve":"CVE-2020-1695","qid":"940288","title":"AlmaLinux Security Update for pki-core:10.6 and pki-deps:10.6 (ALSA-2021:1775)"},{"cve":"CVE-2020-1695","qid":"960379","title":"Rocky Linux Security Update for pki-core:10.6 and pki-deps:10.6 (RLSA-2021:1775)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-1695","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"resteasy","version":{"version_data":[{"version_value":"all resteasy 3.x.x versions prior to 3.12.0.Final"},{"version_value":"all resteasy 4.x.x versions prior to 4.6.0.Final"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695","refsource":"CONFIRM"},{"refsource":"FEDORA","name":"FEDORA-2020-239503f5fa","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/"},{"refsource":"FEDORA","name":"FEDORA-2020-df970da9fc","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed."}]},"impact":{"cvss":[[{"vectorString":"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-05-19 15:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.12.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.6.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1695","Ordinal":"160933","Title":"CVE-2020-1695","CVE":"CVE-2020-1695","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1695","Ordinal":"1","NoteData":"A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"1695","Ordinal":"2","NoteData":"2020-05-19","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1695","Ordinal":"3","NoteData":"2020-12-08","Type":"Other","Title":"Modified"}]}}}