{"id":"USN-7630-1","summary":"resteasy, resteasy3.0 vulnerabilities","details":"It was discovered that RESTEasy made insufficient use of random values in\nasynchronous jobs. An attacker could possibly use this issue to steal\nuser data. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6345)\n\nIt was discovered that RESTEasy enabled a vulnerable GZIP decompression\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-6346)\n\nIt was discovered that RESTEasy improperly made use of unsanitized data\nwhile handling certain errors. An attacker could possibly use this issue\nto cause a denial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-6347)\n\nIt was discovered that RESTEasy enabled a vulnerable JSON manipulation\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-6348)\n\nIt was discovered that RESTEasy enabled a vulnerable deserialization\nmodule by default. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code.\nThis issue only affected Ubuntu 16.04 LTS. (CVE-2016-7050)\n\nNikos Papadopoulos discovered that RESTEasy improperly handled URL encoding\nwhen certain errors occur. An attacker could possibly use this issue to\nmodify the app's behavior for other users throughout the network.\nThis issue did not affect resteasy3.0 in Ubuntu 24.04 LTS, Ubuntu 24.10,\nand Ubuntu 25.04. (CVE-2020-10688)\n\nMirko Selber discovered that RESTEasy improperly validated user input\nduring HTTP response construction. An attacker could possibly use this\nissue to to cause a denial of service or execute arbitrary code.\nThis issue did not affect resteasy3.0 in Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-1695)\n\nIt was discovered that RESTEasy improperly handled receiving the\nWebApplicationException during a client call. An attacker could possibly\nuse this issue to obtain potentially sensitive server information.\n(CVE-2020-25633)\n\nIt was discovered that RESTEasy improperly populated exception responses\nwith endpoint class and method names. An attacker could possibly use this\nissue to obtain potentially sensitive server information. (CVE-2021-20289)\n\nIt was discovered that RESTEasy used improper permissions when creating\ntemporary files. An attacker could possibly use this issue to get access to\nsensitive data. (CVE-2023-0482)\n\nIt was discovered that RESTEasy improperly handled certain HTTP requests\ncontaining ASCII control characters. An attacker could possibly use this\nissue to cause a denial of service. (CVE-2024-9622)","modified":"2026-02-10T04:49:34Z","published":"2025-07-10T14:30:24Z","related":["UBUNTU-CVE-2016-6345","UBUNTU-CVE-2016-6346","UBUNTU-CVE-2016-6347","UBUNTU-CVE-2016-6348","UBUNTU-CVE-2016-7050","UBUNTU-CVE-2020-10688","UBUNTU-CVE-2020-1695","UBUNTU-CVE-2020-25633","UBUNTU-CVE-2021-20289","UBUNTU-CVE-2023-0482","UBUNTU-CVE-2024-9622"],"upstream":["CVE-2016-6345","CVE-2016-6346","CVE-2016-6347","CVE-2016-6348","CVE-2016-7050","CVE-2020-10688","CVE-2020-1695","CVE-2020-25633","CVE-2021-20289","CVE-2023-0482","CVE-2024-9622","UBUNTU-CVE-2016-6345","UBUNTU-CVE-2016-6346","UBUNTU-CVE-2016-6347","UBUNTU-CVE-2016-6348","UBUNTU-CVE-2016-7050","UBUNTU-CVE-2020-10688","UBUNTU-CVE-2020-1695","UBUNTU-CVE-2020-25633","UBUNTU-CVE-2021-20289","UBUNTU-CVE-2023-0482","UBUNTU-CVE-2024-9622"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7630-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6345"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6346"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6347"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6348"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-7050"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-1695"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10688"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25633"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-20289"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0482"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-9622"}],"affected":[{"package":{"name":"resteasy","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/resteasy@3.0.6-3ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.6-3ubuntu0.1~esm1"}]}],"versions":["3.0.6-3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.6-3ubuntu0.1~esm1","binary_name":"libresteasy-java"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7630-1.json","cves_map":{"cves":[{"id":"CVE-2016-6345","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2016-6346","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2016-6347","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2016-6348","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2016-7050","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-1695","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-10688","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-25633","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-20289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-0482","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-9622","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"resteasy3.0","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/resteasy3.0@3.0.26-1~18.04.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.26-1~18.04.1~esm1"}]}],"versions":["3.0.19-1","3.0.19-2","3.0.26-1~18.04"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.26-1~18.04.1~esm1","binary_name":"libresteasy3.0-java"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7630-1.json","cves_map":{"cves":[{"id":"CVE-2020-1695","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-10688","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-25633","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-20289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-0482","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-9622","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"resteasy3.0","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/resteasy3.0@3.0.26-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.26-1ubuntu0.1~esm1"}]}],"versions":["3.0.26-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.26-1ubuntu0.1~esm1","binary_name":"libresteasy3.0-java"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7630-1.json","cves_map":{"cves":[{"id":"CVE-2020-1695","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-10688","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-25633","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-20289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-0482","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-9622","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"resteasy3.0","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/resteasy3.0@3.0.26-3ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.26-3ubuntu0.1"}]}],"versions":["3.0.26-2","3.0.26-3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.26-3ubuntu0.1","binary_name":"libresteasy3.0-java"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7630-1.json","cves_map":{"cves":[{"id":"CVE-2020-10688","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2020-25633","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-20289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-0482","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-9622","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"resteasy3.0","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/resteasy3.0@3.0.26-6ubuntu0.24.04.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.26-6ubuntu0.24.04.1"}]}],"versions":["3.0.26-6"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.26-6ubuntu0.24.04.1","binary_name":"libresteasy3.0-java"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7630-1.json","cves_map":{"cves":[{"id":"CVE-2020-25633","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-20289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-0482","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-9622","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}