The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5460 advisory.

  - tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS     (CVE-2020-13935)

  - jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS (CVE-2020-14384)

  - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender     (CVE-2021-4104)

  - log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

  - log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

  - log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.24 (RHSA-2022:5460)

critical Nessus Plugin ID 162638

Version 1.7