Packages
- resteasy - A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications
- resteasy3.0 - A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications
Details
It was discovered that RESTEasy made insufficient use of random values in
asynchronous jobs. An attacker could possibly use this issue to steal
user data. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6345)
It was discovered that RESTEasy enabled a vulnerable GZIP decompression
module by default. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-6346)
It was discovered that RESTEasy improperly made use of unsanitized data
while handling certain errors. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6347)
It was discovered that RESTEasy enabled a vulnerable JSON manipulation
module by default. An attacker could possibly use this...
It was discovered that RESTEasy made insufficient use of random values in
asynchronous jobs. An attacker could possibly use this issue to steal
user data. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6345)
It was discovered that RESTEasy enabled a vulnerable GZIP decompression
module by default. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-6346)
It was discovered that RESTEasy improperly made use of unsanitized data
while handling certain errors. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6347)
It was discovered that RESTEasy enabled a vulnerable JSON manipulation
module by default. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2016-6348)
It was discovered that RESTEasy enabled a vulnerable deserialization
module by default. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
This issue only affected Ubuntu 14.04 LTS. (CVE-2016-7050)
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding
when certain errors occur. An attacker could possibly use this issue to
modify the app's behavior for other users throughout the network.
This issue did not affect resteasy3.0 in Ubuntu 24.04 LTS, Ubuntu 24.10,
and Ubuntu 25.04. (CVE-2020-10688)
Mirko Selber discovered that RESTEasy improperly validated user input
during HTTP response construction. An attacker could possibly use this
issue to to cause a denial of service or execute arbitrary code.
This issue did not affect resteasy3.0 in Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2020-1695)
It was discovered that RESTEasy improperly handled receiving the
WebApplicationException during a client call. An attacker could possibly
use this issue to obtain potentially sensitive server information.
(CVE-2020-25633)
It was discovered that RESTEasy improperly populated exception responses
with endpoint class and method names. An attacker could possibly use this
issue to obtain potentially sensitive server information. (CVE-2021-20289)
It was discovered that RESTEasy used improper permissions when creating
temporary files. An attacker could possibly use this issue to get access to
sensitive data. (CVE-2023-0482)
It was discovered that RESTEasy improperly handled certain HTTP requests
containing ASCII control characters. An attacker could possibly use this
issue to cause a denial of service. (CVE-2024-9622)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.04 plucky | libresteasy-java – 3.6.2-3ubuntu0.25.04.1 | ||
| libresteasy3.0-java – 3.0.26-6ubuntu0.25.04.1 | |||
| 24.10 oracular | libresteasy3.0-java – 3.0.26-6ubuntu0.24.10.1 | ||
| 24.04 noble | libresteasy3.0-java – 3.0.26-6ubuntu0.24.04.1 | ||
| 22.04 jammy | libresteasy3.0-java – 3.0.26-3ubuntu0.1 | ||
| 20.04 focal | libresteasy3.0-java – 3.0.26-1ubuntu0.1~esm1 | ||
| 18.04 bionic | libresteasy3.0-java – 3.0.26-1~18.04.1~esm1 | ||
| 16.04 xenial | libresteasy-java – 3.0.6-3ubuntu0.1~esm1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2024-9622
- CVE-2023-0482
- CVE-2021-20289
- CVE-2020-25633
- CVE-2020-1695
- CVE-2020-10688
- CVE-2016-7050
- CVE-2016-6348
- CVE-2016-6347
- CVE-2016-6346
- CVE-2024-9622
- CVE-2023-0482
- CVE-2021-20289
- CVE-2020-25633
- CVE-2020-1695
- CVE-2020-10688
- CVE-2016-7050
- CVE-2016-6348
- CVE-2016-6347
- CVE-2016-6346
- CVE-2016-6345