Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-2 advisory.

  - Netty is an open-source, asynchronous event-driven network application framework. The package     `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system     temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications     running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like     systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory     between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify     one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the     directory to something that is only readable by the current user. (CVE-2022-24823)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-1 advisory.

  - Netty is an open-source, asynchronous event-driven network application framework. The package     `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system     temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications     running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like     systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory     between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify     one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the     directory to something that is only readable by the current user. (CVE-2022-24823)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 53caf29b-9180-11ed-acbe-b42e991fc52e advisory.

  - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported     versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible     data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java     Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2019-2684)

  - Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such     as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because     of an incomplete fix for CVE-2019-16869. (CVE-2020-7238)

  - Netty is an open-source, asynchronous event-driven network application framework. The package     `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system     temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications     running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like     systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory     between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify     one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the     directory to something that is only readable by the current user. (CVE-2022-24823)

  - The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due     missing to nested depth limitation for collections. (CVE-2022-25857)

  - In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a     check in primitive value deserializers to avoid deep wrapper array nesting, when the     UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1     (CVE-2022-42003)

  - In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in     BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is     vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by an unauthorized access vulnerability as referenced in the Oct 2022 CPU advisory. This easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Coherence executes to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data. 

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the Oct 2022 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilites:

  - Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component:     Framework (dojo)). The supported version that is affected is 3.0.3.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful     attacks of this vulnerability can result in takeover of Oracle Communications Convergence. (CVE-2021-23450)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (jackson-databind)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable     vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal.     Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of Oracle WebCenter Portal. (CVE-2020-36518)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0.     Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle     WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or     complete access to all Oracle WebCenter Portal accessible data. (CVE-2021-40690)

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5893 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5892 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
177502	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-2)	Nessus	SuSE Local Security Checks	medium
175387	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-1)	Nessus	SuSE Local Security Checks	medium
169936	FreeBSD : cassandra3 -- multiple vulnerabilities (53caf29b-9180-11ed-acbe-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
166378	Oracle Coherence Unauthorized Access (Oct 2022 CPU)	Nessus	Misc.	medium
166335	Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2022 CPU)	Nessus	Misc.	critical
163916	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)	Nessus	Red Hat Local Security Checks	critical
163797	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5893)	Nessus	Red Hat Local Security Checks	critical
163796	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5892)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2022-24823

medium

Tenable Plugins

medium

medium

high

medium

critical

critical

critical

critical