CVE-2020-14326

7.5 HIGH

📋 TL;DR

CVE-2020-14326 is a denial-of-service vulnerability in RESTEasy's RootNode caching mechanism that allows attackers to cause hash flooding, resulting in slower request processing and increased CPU usage. This affects applications using vulnerable versions of RESTEasy for RESTful web services. The vulnerability can be exploited without authentication to degrade service performance.

💻 Affected Systems

Products:
  • RESTEasy
Versions: RESTEasy versions 3.0.0 through 3.15.1
Operating Systems: All operating systems running Java applications with RESTEasy
Default Config Vulnerable: ⚠️ Yes
Notes: Affects RESTEasy deployments using the default configuration. Applications must be actively serving REST requests to be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service unavailability due to CPU exhaustion and request processing slowdown, affecting all users of the vulnerable application.

🟠 Likely Case

Degraded application performance with increased response times and higher server resource consumption, potentially causing partial service disruption.

🟢 If Mitigated

Minimal impact with proper rate limiting, monitoring, and updated versions, though some performance degradation may still occur during attack attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted HTTP requests to trigger hash collisions. No authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: RESTEasy 3.15.2 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1855826

Restart Required: Yes

Instructions:

1. Identify the RESTEasy version in your application.
2. Update to RESTEasy 3.15.2 or later.
3. Rebuild and redeploy your application.
4. Restart the application server.

🔧 Temporary Workarounds

Rate Limiting (applies to: all)

Implement request rate limiting to reduce the impact of hash flooding attacks.

Configure rate limiting in your web server or application firewall.

Request Filtering (applies to: all)

Filter or block suspicious request patterns that could trigger hash collisions.

Implement custom request filters in your application.

🧯 If You Can't Patch

  • Implement strict rate limiting and monitoring for abnormal request patterns
  • Deploy web application firewall with DoS protection rules

🔍 How to Verify

Check if Vulnerable:

Check RESTEasy version in your application dependencies or classpath. If version is between 3.0.0 and 3.15.1 inclusive, you are vulnerable.

Check Version:

Check Maven/Gradle dependencies or examine RESTEasy JAR file version

Verify Fix Applied:

Verify RESTEasy version is 3.15.2 or later after update. Test application functionality and monitor for performance issues.
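The version checks above can be scripted. The POSIX shell script below is an added example, not part of this advisory or of the RESTEasy project: it classifies a version string against the affected range stated on this page (3.0.0 through 3.15.1 inclusive, fixed in 3.15.2), pulls the RESTEasy version out of a Maven pom fragment, and parses it from a JAR file name as found under WEB-INF/lib. The function names, the constructed sample pom, and the choice to report releases outside the 3.x series as "not-vulnerable" for this CVE are assumptions of the example, as is the handling of ".Final"/"-SNAPSHOT" qualifiers (they are ignored for the comparison).

```shell
#!/bin/sh
# Added example, not from this advisory or the RESTEasy project: checks that
# implement the "How to Verify" steps. The affected range is the one this page
# states (3.0.0 through 3.15.1 inclusive; fixed in 3.15.2). Versions are assumed
# to be numeric major.minor.patch; a trailing qualifier such as ".Final" or
# "-SNAPSHOT" is ignored for the comparison.

# Print "vulnerable", "not-vulnerable" or "unknown" for one version string.
# A version outside the 3.x series is outside the range listed on this page,
# so it is reported as not-vulnerable for this CVE (an assumption of the example).
classify_resteasy_version() {
    parts=$(printf '%s\n' "$1" | awk -F'[.-]' '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $1, $2, $3 }')
    if [ -z "$parts" ]; then
        echo unknown
        return 0
    fi
    set -- $parts
    major=$1; minor=$2; patch=$3
    if [ "$major" -ne 3 ]; then
        echo not-vulnerable
    elif [ "$minor" -lt 15 ] || { [ "$minor" -eq 15 ] && [ "$patch" -le 1 ]; }; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# Extract the <version> of the first org.jboss.resteasy dependency from a
# Maven pom fragment on stdin. Assumes a literal version, not a ${property}.
resteasy_version_from_pom() {
    awk '
        /<groupId>[[:space:]]*org\.jboss\.resteasy[[:space:]]*<\/groupId>/ { in_resteasy = 1 }
        in_resteasy && /<version>/ {
            sub(/.*<version>[[:space:]]*/, "")
            sub(/[[:space:]]*<\/version>.*/, "")
            print
            exit
        }
        /<\/dependency>/ { in_resteasy = 0 }
    '
}

# Extract the version from a RESTEasy JAR file name such as
# resteasy-jaxrs-3.14.0.Final.jar (as found under WEB-INF/lib).
# Prints nothing for file names that are not RESTEasy artifacts.
resteasy_version_from_jarname() {
    basename "$1" | sed -n 's/^resteasy-[a-z-]*-\([0-9][0-9.]*[0-9][A-Za-z.-]*\)\.jar$/\1/p'
}

# Constructed sample pom fragment (not from any real project) for the demo run.
SAMPLE_POM='<dependencies>
  <dependency>
    <groupId>org.jboss.resteasy</groupId>
    <artifactId>resteasy-jaxrs</artifactId>
    <version>3.14.0.Final</version>
  </dependency>
</dependencies>'

# Report the RESTEasy version found in a pom fragment given as a string.
check_pom() {
    v=$(printf '%s\n' "$1" | resteasy_version_from_pom)
    if [ -z "$v" ]; then
        echo "no org.jboss.resteasy dependency found"
    else
        echo "resteasy $v: $(classify_resteasy_version "$v")"
    fi
}

# Demo: the constructed pom pins 3.14.0.Final, which is inside the affected range.
check_pom "$SAMPLE_POM"
```

For a deployed application, feed `pom.xml` to `resteasy_version_from_pom` or loop over `WEB-INF/lib/resteasy-*.jar` with `resteasy_version_from_jarname`; anything reported as "vulnerable" should be moved to 3.15.2 or later per the fix instructions above, and "unknown" means the version string needs a manual look rather than a pass.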

📡 Detection & Monitoring

Log Indicators:

  • Unusually high CPU usage
  • Increased request processing times
  • Multiple similar requests from single sources

Network Indicators:

  • High volume of similar HTTP requests
  • Requests causing hash collisions

SIEM Query:

source="application_logs" AND (message="high cpu" OR message="slow request") AND resource="RESTEasy"

🔗 References