A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

The version of AOS installed on the remote host is prior to 6.8.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.8 advisory.

  - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many     selectors. (CVE-2019-12900)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>     elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods     (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)

  - Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed     environment detects calls to str.format allows an attacker that controls the content of a template to     execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a     template. Whether that is the case depends on the type of application using Jinja. This vulnerability     impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to     str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a     malicious string's format method, then pass that to a filter that calls it. No such filters are built-in     to Jinja, but could be present through custom filters in an application. After the fix, such indirect     calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. (CVE-2024-56326)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 7.0.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.5 advisory.

  - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many     selectors. (CVE-2019-12900)

  - The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to     it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to     crash an application or overwrite a neighbouring variable. (CVE-2024-2961)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>     elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods     (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)

  - It is possible to construct a zone such that some queries to it will generate responses containing     numerous records in the Additional section. An attacker sending many such queries can cause either the     authoritative server itself or an independent resolver to use disproportionate resources processing the     queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue     affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0     through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and     9.18.11-S1 through 9.18.32-S1. (CVE-2024-11187)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

In versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run  out of memory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
235609	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.8)	Nessus	Misc.	medium
235608	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.5)	Nessus	Misc.	critical
214573	Apache CXF < 3.5.10 , 3.6.x < 3.6.5, 4.0.x < 4.0.6 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2025-23184

high

Tenable Plugins

medium

critical

high