The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0874 advisory.

  - guava: local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)

  - Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests     (CVE-2020-10687)

  - bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  - jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client     (CVE-2020-35510)

  - undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)

  - wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client     (CVE-2021-20250)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0874)

high Nessus Plugin ID 147838

Version 1.13

Version 1.12

Version 1.11

Version 1.10

Version 1.13 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
Version 1.12 Jan 9, 2024, 3:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202401091500
Version 1.11 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912
Version 1.10 Dec 6, 2022, 2:54 AM Reference Plugin Feed: 202212060254