CVE-2020-1695 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-1695 Interim 1 10 2025-11-05T02:50:44Z current 2021-05-30T14:35:04Z 2025-11-05T02:50:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-1695 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c apache-commons-net-3.6-3.module+el8.3.0+6805+72837426 bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25 jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25 jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25 jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c jss-4.8.1-2.module+el8.4.0+10451+3e5b5448 jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448 ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62 ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62 pki-acme-10.10.5-2.module+el8.4.0+10466+9830f79e pki-base-10.10.5-2.module+el8.4.0+10466+9830f79e pki-base-java-10.10.5-2.module+el8.4.0+10466+9830f79e pki-ca-10.10.5-2.module+el8.4.0+10466+9830f79e pki-kra-10.10.5-2.module+el8.4.0+10466+9830f79e pki-server-10.10.5-2.module+el8.4.0+10466+9830f79e pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254 pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254 pki-symkey-10.10.5-2.module+el8.4.0+10466+9830f79e pki-tools-10.10.5-2.module+el8.4.0+10466+9830f79e python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c python3-pki-10.10.5-2.module+el8.4.0+10466+9830f79e relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c resteasy-3.0.26-6.module+el8.4.0+8891+bb8828ef slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff velocity-1.7-24.module+el8.1.0+3366+6dfb954c xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 apache-commons-net-3.6-3.module+el8.3.0+6805+72837426 as a component of SUSE Liberty Linux 8 bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25 as a component of SUSE Liberty Linux 8 jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25 as a component of SUSE Liberty Linux 8 jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25 as a component of SUSE Liberty Linux 8 jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d as a component of SUSE Liberty Linux 8 jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d as a component of SUSE Liberty Linux 8 jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 jss-4.8.1-2.module+el8.4.0+10451+3e5b5448 as a component of SUSE Liberty Linux 8 jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448 as a component of SUSE Liberty Linux 8 ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62 as a component of SUSE Liberty Linux 8 ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62 as a component of SUSE Liberty Linux 8 pki-acme-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-base-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-base-java-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-ca-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-kra-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-server-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254 as a component of SUSE Liberty Linux 8 pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254 as a component of SUSE Liberty Linux 8 pki-symkey-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 pki-tools-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 python3-pki-10.10.5-2.module+el8.4.0+10466+9830f79e as a component of SUSE Liberty Linux 8 relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 resteasy-3.0.26-6.module+el8.4.0+8891+bb8828ef as a component of SUSE Liberty Linux 8 slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff as a component of SUSE Liberty Linux 8 tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff as a component of SUSE Liberty Linux 8 velocity-1.7-24.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff as a component of SUSE Liberty Linux 8 xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c as a component of SUSE Liberty Linux 8 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. CVE-2020-1695 SUSE Liberty Linux 8:apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:apache-commons-net-3.6-3.module+el8.3.0+6805+72837426 SUSE Liberty Linux 8:bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25 SUSE Liberty Linux 8:jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25 SUSE Liberty Linux 8:jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25 SUSE Liberty Linux 8:jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d SUSE Liberty Linux 8:jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d SUSE Liberty Linux 8:jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:jss-4.8.1-2.module+el8.4.0+10451+3e5b5448 SUSE Liberty Linux 8:jss-javadoc-4.8.1-2.module+el8.4.0+10451+3e5b5448 SUSE Liberty Linux 8:ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62 SUSE Liberty Linux 8:ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62 SUSE Liberty Linux 8:pki-acme-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-base-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-base-java-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-ca-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-kra-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-server-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254 SUSE Liberty Linux 8:pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254 SUSE Liberty Linux 8:pki-symkey-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:pki-tools-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:python3-pki-10.10.5-2.module+el8.4.0+10466+9830f79e SUSE Liberty Linux 8:relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:resteasy-3.0.26-6.module+el8.4.0+8891+bb8828ef SUSE Liberty Linux 8:slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff SUSE Liberty Linux 8:tomcatjss-7.6.1-1.module+el8.4.0+8778+d07929ff SUSE Liberty Linux 8:velocity-1.7-24.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c SUSE Liberty Linux 8:xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff SUSE Liberty Linux 8:xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N