The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0248 advisory.

  - apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)

  - resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's     WebApplicationException handling (CVE-2020-25633)

  - wildfly: resource adapter logs plaintext JMS password at warning level on connection error     (CVE-2020-25640)

  - wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-     controller (CVE-2020-25689)

  - undertow: special character in query results in server errors (CVE-2020-27782)

  - wildfly: Potential Memory leak in Wildfly when using OpenTracing (CVE-2020-27822)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0248)

medium Nessus Plugin ID 145407

Version 1.13

Version 1.12

Version 1.11

Version 1.13 Jan 26, 2024, 3:21 PM Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin Feed: 202401261521
Version 1.12 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912
Version 1.11 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254