usn-7630-1
Vulnerability from osv_ubuntu
It was discovered that RESTEasy made insufficient use of random values in asynchronous jobs. An attacker could possibly use this issue to steal user data. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6345)
It was discovered that RESTEasy enabled a vulnerable GZIP decompression module by default. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6346)
It was discovered that RESTEasy improperly made use of unsanitized data while handling certain errors. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6347)
It was discovered that RESTEasy enabled a vulnerable JSON manipulation module by default. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6348)
It was discovered that RESTEasy enabled a vulnerable deserialization module by default. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7050)
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users throughout the network. This issue did not affect resteasy3.0 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-10688)
Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. An attacker could possibly use this issue to to cause a denial of service or execute arbitrary code. This issue did not affect resteasy3.0 in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-1695)
It was discovered that RESTEasy improperly handled receiving the WebApplicationException during a client call. An attacker could possibly use this issue to obtain potentially sensitive server information. (CVE-2020-25633)
It was discovered that RESTEasy improperly populated exception responses with endpoint class and method names. An attacker could possibly use this issue to obtain potentially sensitive server information. (CVE-2021-20289)
It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482)
It was discovered that RESTEasy improperly handled certain HTTP requests containing ASCII control characters. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-6345",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-6346",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-6347",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-6348",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-7050",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-1695",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25633",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20289",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-0482",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9622",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libresteasy-java",
"binary_version": "3.0.6-3ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "resteasy",
"purl": "pkg:deb/ubuntu/resteasy@3.0.6-3ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.6-3ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.6-3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-1695",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25633",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20289",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-0482",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9622",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libresteasy3.0-java",
"binary_version": "3.0.26-1~18.04.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "resteasy3.0",
"purl": "pkg:deb/ubuntu/resteasy3.0@3.0.26-1~18.04.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.26-1~18.04.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.19-1",
"3.0.19-2",
"3.0.26-1~18.04"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-1695",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-10688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25633",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20289",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-0482",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9622",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libresteasy3.0-java",
"binary_version": "3.0.26-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "resteasy3.0",
"purl": "pkg:deb/ubuntu/resteasy3.0@3.0.26-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.26-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.26-1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-10688",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25633",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20289",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-0482",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9622",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libresteasy3.0-java",
"binary_version": "3.0.26-3ubuntu0.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "resteasy3.0",
"purl": "pkg:deb/ubuntu/resteasy3.0@3.0.26-3ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.26-3ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.26-2",
"3.0.26-3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-25633",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20289",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-0482",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9622",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libresteasy3.0-java",
"binary_version": "3.0.26-6ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "resteasy3.0",
"purl": "pkg:deb/ubuntu/resteasy3.0@3.0.26-6ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.26-6ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.26-6"
]
}
],
"aliases": [],
"details": "It was discovered that RESTEasy made insufficient use of random values in\nasynchronous jobs. An attacker could possibly use this issue to steal\nuser data. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6345)\n\nIt was discovered that RESTEasy enabled a vulnerable GZIP decompression\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-6346)\n\nIt was discovered that RESTEasy improperly made use of unsanitized data\nwhile handling certain errors. An attacker could possibly use this issue\nto cause a denial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-6347)\n\nIt was discovered that RESTEasy enabled a vulnerable JSON manipulation\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-6348)\n\nIt was discovered that RESTEasy enabled a vulnerable deserialization\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-7050)\n\nNikos Papadopoulos discovered that RESTEasy improperly handled URL encoding\nwhen certain errors occur. An attacker could possibly use this issue to\nmodify the app\u0027s behavior for other users throughout the network.\nThis issue did not affect resteasy3.0 in Ubuntu 24.04 LTS, Ubuntu 24.10,\nand Ubuntu 25.04. (CVE-2020-10688)\n\nMirko Selber discovered that RESTEasy improperly validated user input\nduring HTTP response construction. An attacker could possibly use this\nissue to to cause a denial of service or execute arbitrary code.\nThis issue did not affect resteasy3.0 in Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-1695)\n\nIt was discovered that RESTEasy improperly handled receiving the\nWebApplicationException during a client call. An attacker could possibly\nuse this issue to obtain potentially sensitive server information.\n(CVE-2020-25633)\n\nIt was discovered that RESTEasy improperly populated exception responses\nwith endpoint class and method names. An attacker could possibly use this\nissue to obtain potentially sensitive server information. (CVE-2021-20289)\n\nIt was discovered that RESTEasy used improper permissions when creating\ntemporary files. An attacker could possibly use this issue to get access to\nsensitive data. (CVE-2023-0482)\n\nIt was discovered that RESTEasy improperly handled certain HTTP requests\ncontaining ASCII control characters. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2024-9622)",
"id": "USN-7630-1",
"modified": "2026-06-25T10:46:53Z",
"published": "2025-07-10T14:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7630-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6345"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6346"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6347"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-6348"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-7050"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-1695"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-10688"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25633"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20289"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-0482"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9622"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "resteasy, resteasy3.0 vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-6345",
"UBUNTU-CVE-2016-6346",
"UBUNTU-CVE-2016-6347",
"UBUNTU-CVE-2016-6348",
"UBUNTU-CVE-2016-7050",
"UBUNTU-CVE-2020-1695",
"UBUNTU-CVE-2020-10688",
"UBUNTU-CVE-2020-25633",
"UBUNTU-CVE-2021-20289",
"UBUNTU-CVE-2023-0482",
"UBUNTU-CVE-2024-9622"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.