An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory.

  - An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service     when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number     of parts. (CVE-2024-4140)

  - In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon     receiving a large invalid TLS frame. (CVE-2021-28165)

  - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request     URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. (CVE-2020-13956)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial     of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth     and the total number of parts. (CVE-2024-4140)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-032e16360b advisory.

    This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140),     which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS     configuration, which limits how many parts will be considered for parsing, defaulting to 100.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-38fb541a75 advisory.

    This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140),     which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS     configuration, which limits how many parts will be considered for parsing, defaulting to 100.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
271379	Oracle Siebel Server prior to 25.7 (October 2025 CPU)	Nessus	Misc.	high
228458	Linux Distros Unpatched Vulnerability : CVE-2024-4140	Nessus	Misc.	high
197911	Fedora 40 : perl-Email-MIME (2024-032e16360b)	Nessus	Fedora Local Security Checks	high
197910	Fedora 39 : perl-Email-MIME (2024-38fb541a75)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2024-4140

high

Tenable Plugins

high

high

high

high