The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0216 advisory.

  - JBoss Security: Wrong security context loaded when using SAML2 STS Login Module (CVE-2014-7827)

  - RESTeasy: External entities expanded by DocumentProvider (CVE-2014-7839)

  - JBoss AS/WildFly Domain Management: Limited RBAC authorization bypass (CVE-2014-7849)

  - JBoss AS/WildFly JacORB Subsystem: Information disclosure via incorrect sensitivity classification of     attribute (CVE-2014-7853)

  - JBoss Weld: Limited information disclosure via stale thread state (CVE-2014-8122)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.3 update (Moderate) (RHSA-2015:0216)

medium Nessus Plugin ID 81339

Version 1.12