Security fix for CVE-2020-1695

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2511 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * cxf: reflected XSS in the services listing page (CVE-2019-17573)

    * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

    * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

    * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to     access the current threads context class loader (CVE-2020-1729)

    * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

    * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)

    * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

    * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider     is in use (CVE-2019-14887)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter     (CVE-2018-14371)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1775 advisory.

  - A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions     prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that     integrates into the server's response. This flaw may result in an injection, which leads to unexpected     behavior when the HTTP response is constructed. (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2513 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * cxf: reflected XSS in the services listing page (CVE-2019-17573)

    * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

    * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

    * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to     access the current threads context class loader (CVE-2020-1729)

    * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

    * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)

    * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

    * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider     is in use (CVE-2019-14887)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter     (CVE-2018-14371)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1775 advisory.

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3639 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10673)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

    * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in     HTTP requests (CVE-2020-10687)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

    * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

    * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

    * hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

    * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

    * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

     wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

    * jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is     received causing Denial of Service (CVE-2020-14307)

    * jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service     (CVE-2020-14297)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1775 advisory.

    The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate     System.

    Security Fix(es):

    * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2512 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java     applications based on the WildFly application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * cxf: reflected XSS in the services listing page (CVE-2019-17573)

    * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

    * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

    * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to     access the current threads context class loader (CVE-2020-1729)

    * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

    * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)

    * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

    * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider     is in use (CVE-2019-14887)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter     (CVE-2018-14371)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10673)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

    * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in     HTTP requests (CVE-2020-10687)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

    * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

    * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

    * hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

    * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

    * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

     wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

    * jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is     received causing Denial of Service (CVE-2020-14307)

    * jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service     (CVE-2020-14297)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3637 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

    * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

    * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10672)

    * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result     in remote command execution (CVE-2020-10673)

    * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

    * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

    * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in     HTTP requests (CVE-2020-10687)

    * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

    * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class     (CVE-2020-1695)

    * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

    * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

    * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain     (CVE-2020-1748)

    * hibernate-validator: Improper input validation in the interpolation of constraint error messages     (CVE-2020-10693)

    * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

    * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)

     wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)

    * jboss-ejb-client: wildfly: EJB SessionOpenInvocations may not be removed properly after a response is     received causing Denial of Service (CVE-2020-14307)

    * jboss-ejb-client: wildfly: Some EJB transaction objects may get accumulated causing Denial of Service     (CVE-2020-14297)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
143595	Fedora 33 : resteasy (2020-df970da9fc)	Nessus	Fedora Local Security Checks	12/9/2020	2/6/2024	high
137331	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2511)	Nessus	Red Hat Local Security Checks	6/11/2020	6/3/2024	critical
155318	Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2021-1775)	Nessus	Oracle Linux Local Security Checks	11/12/2021	11/12/2021	high
137334	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513)	Nessus	Red Hat Local Security Checks	6/11/2020	6/3/2024	critical
143598	Fedora 32 : resteasy (2020-239503f5fa)	Nessus	Fedora Local Security Checks	12/9/2020	2/6/2024	high
149748	CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2021:1775)	Nessus	CentOS Local Security Checks	5/19/2021	2/8/2023	high
140392	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)	Nessus	Red Hat Local Security Checks	9/8/2020	6/4/2024	critical
149656	RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2021:1775)	Nessus	Red Hat Local Security Checks	5/19/2021	6/4/2024	high
199658	RHEL 7 : candlepin (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	6/3/2024	high
137333	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)	Nessus	Red Hat Local Security Checks	6/11/2020	6/4/2024	critical
140390	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)	Nessus	Red Hat Local Security Checks	9/8/2020	6/3/2024	critical
140397	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 (RHSA-2020:3637)	Nessus	Red Hat Local Security Checks	9/8/2020	6/3/2024	critical

Detections

Analytics

Plugins Search

high

critical

high

critical

high

high

critical

high

high

critical

critical

critical