{"containers": {"cna": {"affected": [{"product": "RESTEasy", "vendor": "n/a", "versions": [{"status": "affected", "version": "RESTEasy 4.5.6.Final"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-13T09:06:08", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RESTEasy", "version": {"version_data": [{"version_value": "RESTEasy 4.5.6.Final"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, {"name": "https://security.netapp.com/advisory/ntap-20210713-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210713-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.403Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14326", "datePublished": "2021-06-02T11:23:23", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.403Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFF1F754-57D6-453B-B074-E437AA7EBB6B", "versionEndExcluding": "4.5.6", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service."}, {"lang": "es", "value": "Se encontrado una vulnerabilidad en RESTEasy, donde RootNode almacena incorrectamente las rutas en cach\u00e9. Este problema resulta en una inundaci\u00f3n de hash, lo que conlleva a una ralentizaci\u00f3n de las peticiones con un mayor tiempo de CPU dedicado a buscar y a\u00f1adir la entrada. Este fallo permite a un atacante causar una denegaci\u00f3n de servicio"}], "id": "CVE-2020-14326", "lastModified": "2024-11-21T05:03:00.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-02T12:15:08.227", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Ben Manes (Vector) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3248", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "RESTEasy", "product_name": "Red Hat build of Quarkus 1.3.4 SP1", "release_date": "2020-07-30T00:00:00Z"}, {"advisory": "RHSA-2020:5568", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "RESTEasy", "product_name": "Red Hat Fuse 7.8.0", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2021:4918", "cpe": "cpe:/a:redhat:integration:1", "impact": "low", "package": "RESTEasy", "product_name": "Red Hat Integration", "release_date": "2021-12-02T00:00:00Z"}, {"advisory": "RHSA-2021:4767", "cpe": "cpe:/a:redhat:camel_quarkus:2.2", "impact": "low", "package": "RESTEasy", "product_name": "Red Hat Integration Camel Quarkus", "release_date": "2021-11-23T00:00:00Z"}], "bugzilla": {"description": "RESTEasy: Caching routes in RootNode may result in DoS", "id": "1855826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-407", "details": ["A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.", "A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service."], "name": "CVE-2020-14326", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "resteasy-base", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-deps:10.6/resteasy", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "RESTEasy", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "RESTEasy", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd", "fix_state": "Not affected", "package_name": "RESTEasy", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery"}], "public_date": "2020-07-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14326\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14326\nhttps://issues.redhat.com/secure/ReleaseNote.jspa?version=12346372&projectId=12310560"], "threat_severity": "Important", "upstream_fix": "resteasy 4.5.6.Final"}