A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10926 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an     enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)

    * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS)     [eap-7.4.z] (CVE-2024-10234)

    * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z]     (CVE-2025-23184)

    * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z]     (CVE-2025-2901)

    * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z]     (CVE-2025-2251)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10925 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an     enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)

    * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS)     [eap-7.4.z] (CVE-2024-10234)

    * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z]     (CVE-2025-23184)

    * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z]     (CVE-2025-2901)

    * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z]     (CVE-2025-2251)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10924 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an     enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)

    * hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)

    * org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS)     [eap-7.4.z] (CVE-2024-10234)

    * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z]     (CVE-2025-23184)

    * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z]     (CVE-2025-2901)

    * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z]     (CVE-2025-2251)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10452 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass     validation. [eap-8.0.z] (CVE-2025-27611)

    * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z]     (CVE-2025-2901)

    * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z]     (CVE-2025-2251)

    * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z]     (CVE-2025-23184)

    * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an     enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10453 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass     validation. [eap-8.0.z] (CVE-2025-27611)

    * org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z]     (CVE-2025-2901)

    * wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z]     (CVE-2025-2251)

    * org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z]     (CVE-2025-23184)

    * commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an     enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's     declaredClass property by default [eap-8.0.z] (CVE-2025-48734)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 7.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3 advisory.

  - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many     selectors. (CVE-2019-12900)

  - Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information     disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache     Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34,     from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view     security sensitive files and/or inject content into those files: - writes enabled for the default servlet     (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive     uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of     security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT     If all of the following were true, a malicious user was able to perform remote code execution: - writes     enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) -     application was using Tomcat's file based session persistence with the default storage location -     application included a library that may be leveraged in a deserialization attack Users are recommended to     upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue. (CVE-2025-24813)

  - It is possible to construct a zone such that some queries to it will generate responses containing     numerous records in the Additional section. An attacker sending many such queries can cause either the     authoritative server itself or an independent resolver to use disproportionate resources processing the     queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue     affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0     through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and     9.18.11-S1 through 9.18.32-S1. (CVE-2024-11187)

  - A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an     attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and     uninitialized memory and leak one byte of uninitialized stack data at a time. (CVE-2024-12085)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of     Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441,     8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM     Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker     with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,     deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle     GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete     access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
    Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web     service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in     clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run     untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.
    (CVE-2025-21587)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.8.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.8 advisory.

  - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many     selectors. (CVE-2019-12900)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>     elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods     (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)

  - Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed     environment detects calls to str.format allows an attacker that controls the content of a template to     execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a     template. Whether that is the case depends on the type of application using Jinja. This vulnerability     impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to     str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a     malicious string's format method, then pass that to a filter that calls it. No such filters are built-in     to Jinja, but could be present through custom filters in an application. After the fix, such indirect     calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. (CVE-2024-56326)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 7.0.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.5 advisory.

  - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many     selectors. (CVE-2019-12900)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>     elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods     (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)

  - It is possible to construct a zone such that some queries to it will generate responses containing     numerous records in the Additional section. An attacker sending many such queries can cause either the     authoritative server itself or an independent resolver to use disproportionate resources processing the     queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue     affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0     through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and     9.18.11-S1 through 9.18.32-S1. (CVE-2024-11187)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

In versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run  out of memory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
242091	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.23 Security update (Important) (RHSA-2025:10926)	Nessus	Red Hat Local Security Checks	medium
242087	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.23 Security update (Important) (RHSA-2025:10925)	Nessus	Red Hat Local Security Checks	medium
242083	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.23 Security update (Important) (RHSA-2025:10924)	Nessus	Red Hat Local Security Checks	medium
241447	RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.0.8 Security update (Important) (RHSA-2025:10452)	Nessus	Red Hat Local Security Checks	high
241443	RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.8 Security update (Important) (RHSA-2025:10453)	Nessus	Red Hat Local Security Checks	high
240536	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3)	Nessus	Misc.	high
235609	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.8)	Nessus	Misc.	medium
235608	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.5)	Nessus	Misc.	critical
214573	Apache CXF < 3.5.10 , 3.6.x < 3.6.5, 4.0.x < 4.0.6 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2025-23184

high

Tenable Plugins

medium

medium

medium

high

high

high

medium

critical

high