The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2472 advisory.

  - libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)

  - curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)

  - curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used     (CVE-2020-8285)

  - curl: Inferior OCSP verification (CVE-2020-8286)

  - curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

  - curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)

  - curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 (RHSA-2021:2472)

high Nessus Plugin ID 150852

Version 1.11