The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2764 advisory.

  - undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973)

  - undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)

  - A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a     specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit     access to privileged or restricted files and directories. (CVE-2024-1459)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1674 advisory.

  - undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973)

  - undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)

  - ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  - undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol     (CVE-2024-1635)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1676 advisory.

  - undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973)

  - undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)

  - ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  - undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol     (CVE-2024-1635)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1675 advisory.

  - undertow: unrestricted request storage leads to memory exhaustion (CVE-2023-1973)

  - undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)

  - ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

  - undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol     (CVE-2024-1635)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
195174	RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 (RHSA-2024:2764)	Nessus	Red Hat Local Security Checks	medium
192931	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1674)	Nessus	Red Hat Local Security Checks	medium
192930	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1676)	Nessus	Red Hat Local Security Checks	medium
192929	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.16 Security update (Important) (RHSA-2024:1675)	Nessus	Red Hat Local Security Checks	medium

Detections

Analytics

CVE-2023-4639

high

Tenable Plugins

medium

medium

medium

medium