The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory.

  - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

  - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

  - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

  - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

  - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

  - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

  - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

  - RESTEasy: creation of insecure temp files (CVE-2023-0482)

  - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)

critical Nessus Plugin ID 173692

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
Version 1.2 May 24, 2023, 8:43 PM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305242043
Version 1.1 Apr 19, 2023, 2:07 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202304191407
Version 1.0 Mar 30, 2023, 12:00 PM New Plugin Feed: 202303301200