The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2512 advisory.

  - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512)

critical Nessus Plugin ID 137333

Version 1.10

Version 1.9

Version 1.8

Version 1.10 Mar 7, 2024, 3:19 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv3 score source (set to "CVE-2020-9548") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202403071519
Version 1.9 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912
Version 1.8 Dec 6, 2022, 6:53 AM Reference Plugin Feed: 202212060653