path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.

The version of IBM Spectrum Protect Plus Web UI installed on the remote host is prior to 10.1.17.1 IBM Spectrum Protect Plus. It is, therefore, affected by multiple vulnerabilities as referenced in the 7237702 advisory.

  - This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on     Linux machines due to the options params not being sanitised when being passed an array. (CVE-2020-7789)

  - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a     response containing data intended for one client may be cached and subsequently sent by the proxy to other     clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other     clients. The severity depends on the application's use of the session and the proxy's behavior regarding     cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a     caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets     `session.permanent = True` 3. The application does not access or modify the session at any point during a     request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a     `Cache-Control` header to indicate that a page is private or should not be cached. This happens because     vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified,     not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue     has been fixed in versions 2.3.2 and 2.2.5. (CVE-2023-30861)

  - Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to     destination servers when redirected to an HTTPS endpoint. This is a product of how we use     `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent     through the tunnel, the proxy will identify the header in the request itself and remove it prior to     forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must     be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in     Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious     actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
    (CVE-2023-32681)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output     a regular expression that can be exploited to cause poor performance. Because JavaScript is single     threaded and regex matching runs on the main thread, poor performance will block the event loop and lead     to a DoS. The bad regular expression is generated any time you have two parameters within a single     segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other     users should upgrade to 8.0.0. (CVE-2024-45296)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10762 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

    Security Fix(es):
    * automation-controller: dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)
    * automation-controller: path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
    * ansible-core: Exposure of Sensitive Information in Ansible Vault Files Due to Improper Logging     (CVE-2024-8775)
    * ansible-core: ansible-core user may read/write unauthorized content (CVE-2024-9902)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes for automation controller:
    * Fix job schedules running at incorrect times when rrule interval was set to HOURLY or MINUTELY     (AAP-36573)
    * Fixed an issue where sensitive data was displayed in the job output (AAP-35582)
    * With this update, you can now save a constructed inventory when verbosity is greater than 2 (AAP-35570)
    * Fix bug where unrelated jobs could be marked as a dependency of other jobs (AAP-35310)
    * Add support for receiving webhooks from Bitbucket Data Center, and add support for posting build     statuses back (AAP-35013)
    * Notification List no longer errors when notifications have a missing or null organization field     (AAP-34051)
    * Fixed an issue where Thycotic secret server credentials form fields were mis-matched (AAP-31236)
    * automation-controller has been updated to 4.5.13

    Updates and fixes for receptor:
    * Fixed an issue that caused a Receptor runtime panic error (AAP-36477)
    * receptor has been updated to 1.5.1

    Updates and fixes for installer and setup:
    * Receptor data directory can now be configured using 'receptor_datadir' variable (AAP-36699)
    * Fixed issue where metrics-utility command failed to run after updating Automation controller (AAP-36567)
    * Fix issue where the dispatcher service went into FATAL status and failed to process new jobs after a     database outage of a few minutes (AAP-36456)
    * Fixed an issue that caused incorrect IDs for RBAC in the database following a backup restore (AAP-35311)
    * With this update, installer tasks that include CA or key information are obfuscated (AAP-27480)
    * installer and setup have been updated to 2.4-8

    Note: The 2.4-8 installer can restore a backup created with 2.4-8 or later only. Ensure that you make a     backup before and after the upgrade to 2.4-8 or later.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45296 advisory.

  - path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output     a regular expression that can be exploited to cause poor performance. Because JavaScript is single     threaded and regex matching runs on the main thread, poor performance will block the event loop and lead     to a DoS. The bad regular expression is generated any time you have two parameters within a single     segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other     users should upgrade to 8.0.0. (CVE-2024-45296)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
240343	IBM Spectrum Protect Plus Web UI 10.1.0 < 10.1.17.1 (7237702)	Nessus	Misc.	high
229239	Linux Distros Unpatched Vulnerability : CVE-2024-45296	Nessus	Misc.	high
212033	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:10762)	Nessus	Red Hat Local Security Checks	high
209179	CBL Mariner 2.0 Security Update: reaper (CVE-2024-45296)	Nessus	MarinerOS Local Security Checks	high

Detections

Analytics

CVE-2024-45296

high

Tenable Plugins

high

high

high

high