The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0247 advisory.

  - apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

  - resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's     WebApplicationException handling (CVE-2020-25633)

  - wildfly: resource adapter logs plaintext JMS password at warning level on connection error     (CVE-2020-25640)

  - wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-     controller (CVE-2020-25689)

  - undertow: special character in query results in server errors (CVE-2020-27782)

  - wildfly: Potential Memory leak in Wildfly when using OpenTracing (CVE-2020-27822)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0247)

medium Nessus Plugin ID 145405

Version 1.13