The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2513 advisory.

  - mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)

  - thrift: Endless loop when feed with specific input data (CVE-2019-0205)

  - thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)

  - jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)

  - cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)

  - wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is     in use (CVE-2019-14887)

  - cxf: reflected XSS in the services listing page (CVE-2019-17573)

  - resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

  - Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security     Domain (CVE-2020-1719)

  - SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current     threads context class loader (CVE-2020-1729)

  - undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

  - undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could     result in security bypass (CVE-2020-1757)

  - Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of     CVE-2018-14371 (CVE-2020-6950)

  - cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)

  - jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)

  - jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)

  - jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

  - jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

  - RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)

  - undertow: Memory exhaustion issue in HttpReadListener via Expect: 100-continue header (CVE-2020-10705)

  - undertow: invalid HTTP request with large chunk size (CVE-2020-10719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513)

critical Nessus Plugin ID 137334

Version 1.11