A flaw was found in RESTEasy before 4.1.1. Improper input validation in the MediaTypeHeaderDelegate.java class results in the class returning an illegal header that is then integrated into the server's response.
Acknowledgments: Name: Mirko Selber (Compass Security)
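The kind of check the flaw description refers to, as an added example that is neither RESTEasy's code nor the upstream fix: a media type is turned into a header value only if its type, subtype and parameter names are RFC 7230 tokens and its parameter values carry no control characters. The class and method names are hypothetical, and the sample inputs in main are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not RESTEasy code; class and method names are hypothetical.
public class MediaTypeHeaderCheck {

    // RFC 7230 token characters: the only ones legal in a type, subtype or parameter name.
    static boolean isToken(String s) {
        if (s == null || s.isEmpty()) return false;
        for (char c : s.toCharArray()) {
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!alnum && "!#$%&'*+-.^_`|~".indexOf(c) < 0) return false;
        }
        return true;
    }

    // Non-token values are emitted as a quoted-string; control characters are refused outright.
    static String quoteValue(String v) {
        if (v == null) throw new IllegalArgumentException("missing parameter value");
        if (isToken(v)) return v;
        StringBuilder sb = new StringBuilder("\"");
        for (char c : v.toCharArray()) {
            if ((c < 0x20 && c != '\t') || c == 0x7f)
                throw new IllegalArgumentException("control character in parameter value");
            if (c == '"' || c == '\\') sb.append('\\');
            sb.append(c);
        }
        return sb.append('"').toString();
    }

    // Builds a Content-Type value and throws instead of returning an illegal header.
    static String toHeaderValue(String type, String subtype, Map<String, String> params) {
        if (!isToken(type) || !isToken(subtype)) throw new IllegalArgumentException("illegal media type");
        StringBuilder sb = new StringBuilder(type).append('/').append(subtype);
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (!isToken(p.getKey())) throw new IllegalArgumentException("illegal parameter name");
            sb.append(';').append(p.getKey()).append('=').append(quoteValue(p.getValue()));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("charset", "utf-8");
        System.out.println(toHeaderValue("text", "html", params));
        try { toHeaderValue("text", "html\r\n", params); // constructed illegal subtype
        } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Failing closed with an exception keeps a malformed media type from ever reaching the response writer; the caller decides whether that becomes a 400 or a fallback content type.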
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for more details.
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss BPM Suite 6
* Red Hat JBoss Data Virtualization & Services 6
* Red Hat Enterprise Application Platform 5
* Red Hat Enterprise Application Platform 6
* Red Hat JBoss BRMS 5
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss Fuse 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This issue has been addressed in the following products: Red Hat Single Sign On 7.3.8 Via RHSA-2020:2112 https://access.redhat.com/errata/RHSA-2020:2112
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1695
This issue has been addressed in the following products: EAP-CD 19 Tech Preview Via RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333
Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1845547]
Upstream fix: https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 Via RHSA-2020:2511 https://access.redhat.com/errata/RHSA-2020:2511
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2020:2515 https://access.redhat.com/errata/RHSA-2020:2515
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 Via RHSA-2020:2513 https://access.redhat.com/errata/RHSA-2020:2513
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 Via RHSA-2020:2512 https://access.redhat.com/errata/RHSA-2020:2512
This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 Via RHSA-2020:3637 https://access.redhat.com/errata/RHSA-2020:3637
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 Via RHSA-2020:3639 https://access.redhat.com/errata/RHSA-2020:3639
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 Via RHSA-2020:3638 https://access.redhat.com/errata/RHSA-2020:3638
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2020:3642 https://access.redhat.com/errata/RHSA-2020:3642
This issue has been addressed in the following products: Red Hat Data Grid 7.3.7 Via RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1775 https://access.redhat.com/errata/RHSA-2021:1775
This issue has been addressed in the following products: Red Hat Fuse 7.9 Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140