vulnerability
Ubuntu: USN-7630-1 (CVE-2016-7050): RESTEasy vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jun 8, 2017 | Jun 26, 2025 | Sep 5, 2025 |
Description
It was discovered that RESTEasy made insufficient use of random values in
asynchronous jobs. An attacker could possibly use this issue to steal
user data. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6345)
It was discovered that RESTEasy enabled a vulnerable GZIP decompression
module by default. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-6346)
It was discovered that RESTEasy improperly made use of unsanitized data
while handling certain errors. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6347)
It was discovered that RESTEasy enabled a vulnerable JSON manipulation
module by default. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-6348)
It was discovered that RESTEasy enabled a vulnerable deserialization
module by default. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7050)
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding
when certain errors occur. An attacker could possibly use this issue to
modify the app's behavior for other users throughout the network.
This issue did not affect resteasy3.0 in Ubuntu 24.04 LTS, Ubuntu 24.10,
and Ubuntu 25.04. (CVE-2020-10688)
Mirko Selber discovered that RESTEasy improperly validated user input
during HTTP response construction. An attacker could possibly use this
issue to to cause a denial of service or execute arbitrary code.
This issue did not affect resteasy3.0 in Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-1695)
It was discovered that RESTEasy improperly handled receiving the
WebApplicationException during a client call. An attacker could possibly
use this issue to obtain potentially sensitive server information.
(CVE-2020-25633)
It was discovered that RESTEasy improperly populated exception responses
with endpoint class and method names. An attacker could possibly use this
issue to obtain potentially sensitive server information. (CVE-2021-20289)
It was discovered that RESTEasy used improper permissions when creating
temporary files. An attacker could possibly use this issue to get access to
sensitive data. (CVE-2023-0482)
It was discovered that RESTEasy improperly handled certain HTTP requests
containing ASCII control characters. An attacker could possibly use this
issue to cause a denial of service. (CVE-2024-9622)
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.