The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7637 advisory.

  - guava: insecure temporary directory creation (CVE-2023-2976)

  - eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

  - xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)

  - jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()     (CVE-2023-26048)

  - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

  - apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

  - apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK     (CVE-2023-39410)

  - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)     (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 (RHSA-2023:7637)

high Nessus Plugin ID 186542

Version 1.4