The remote host is affected by the vulnerability described in GLSA-202003-43 (Apache Tomcat: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Apache Tomcat. Please       review the CVE identifiers referenced below for details.
  Impact :

    An attacker could possibly smuggle HTTP requests or execute arbitrary       code.
  Workaround :

    There is no known workaround at this time.

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 4.0.x prior to 4.0.12.5346 or 8.0.x prior to 8.0.20.1237. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. 

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory.

  - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to     Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP     connection. If such connections are available to an attacker, they can be exploited in ways that may be     surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped     with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected     (and recommended in the security guide) that this Connector would be disabled if not required. This     vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the     web application - processing any file in the web application as a JSP Further, if the web application     allowed file upload and stored those files within the web application (or the attacker was able to control     the content of the web application by some other means) then this, along with the ability to process a     file as a JSP, made remote code execution possible. It is important to note that mitigation is only     required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth     approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to     Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP     Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading     to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
    (CVE-2020-1938)

  - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a     certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)

  - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-     free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,     include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can     occur with FUSE requests. (CVE-2019-11487)

  - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where,     the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error     occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by     the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction     mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism     to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that     host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.
    (CVE-2019-19338)

  - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon     receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover     credentials by sniffing the network. (CVE-2018-18074)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by a vulnerability:

  - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to     Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP     connection. If such connections are available to an attacker, they can be exploited in ways that may be     surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped     with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected     (and recommended in the security guide) that this Connector would be disabled if not required. This     vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the     web application - processing any file in the web application as a JSP Further, if the web application     allowed file upload and stored those files within the web application (or the attacker was able to control     the content of the web application by some other means) then this, along with the ability to process a     file as a JSP, made remote code execution possible. It is important to note that mitigation is only     required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth     approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to     Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP     Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading     to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
    (CVE-2020-1938)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE (Apache     Tomcat)). Supported versions that are affected are 20.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise Siebel UI Framework.
    Successful attacks of this vulnerability can result in takeover of Siebel UI Framework. (CVE-2020-1938)

  - Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (jackson-databind)).
    Supported versions that are affected are 20.5 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful     attacks of this vulnerability can result in takeover of Siebel UI Framework. (CVE-2019-16943)

  - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM     (component: Siebel Approval Manager (jackson-databind)). Supported versions that are affected are 2.20.5     and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP     to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can     result in takeover of Siebel Engineering - Installer and Deployment. (CVE-2019-16943)

  - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM     (component: Siebel Approval Manager (Log4j)). Supported versions that are affected are 2.20.5 and prior.
    Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTPS to     compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can     result in unauthorized read access to a subset of Siebel Engineering - Installer and Deployment accessible     data. (CVE-2020-9488)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2781 advisory.

    Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss     Application Server.

    This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are     documented in the Release Notes document listed in the References section.

    Security Fix(es):

    * jbossweb: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

    * JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command     (CVE-2019-14885)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, see the CVE page(s) listed in the References section.

    All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised     to upgrade to these updated packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 7.0.100. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_7.0.100_security-7 advisory.

  - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to     Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP     connection. If such connections are available to an attacker, they can be exploited in ways that may be     surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped     with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected     (and recommended in the security guide) that this Connector would be disabled if not required. This     vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the     web application - processing any file in the web application as a JSP Further, if the web application     allowed file upload and stored those files within the web application (or the attacker was able to control     the content of the web application by some other means) then this, along with the ability to process a     file as a JSP, made remote code execution possible. It is important to note that mitigation is only     required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth     approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to     Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP     Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading     to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
    (CVE-2020-1938)

  - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used     an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led     to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly     handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered     unlikely. (CVE-2020-1935)

  - The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99     introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were     incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a     reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a     reverse proxy is considered unlikely. (CVE-2019-17569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to     Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP     connection. If such connections are available to an attacker, they can be exploited in ways that may be     surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped     with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected     (and recommended in the security guide) that this Connector would be disabled if not required. This     vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the     web application - processing any file in the web application as a JSP Further, if the web application     allowed file upload and stored those files within the web application (or the attacker was able to control     the content of the web application by some other means) then this, along with the ability to process a     file as a JSP, made remote code execution possible. It is important to note that mitigation is only     required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth     approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to     Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP     Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading     to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
    (CVE-2020-1938)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Published	Updated	Severity
134729	GLSA-202003-43 : Apache Tomcat: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	3/20/2020	1/10/2023	critical
138567	MySQL Enterprise Monitor 4.0.x < 4.0.12.5346 / 8.0.x < 8.0.20.1237 (Jul 2020 CPU)	Nessus	CGI abuses	7/17/2020	11/1/2023	critical
164582	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)	Nessus	Misc.	9/1/2022	2/17/2025	critical
143968	NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Vulnerability (NS-SA-2020-0085)	Nessus	NewStart CGSL Local Security Checks	12/9/2020	1/11/2023	critical
212407	Oracle Siebel Server (July 2020 CPU)	Nessus	Misc.	12/11/2024	12/12/2024	critical
138020	RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.23 (RHSA-2020:2781)	Nessus	Red Hat Local Security Checks	7/1/2020	11/7/2024	critical
197843	Apache Tomcat 7.0.0 < 7.0.100 multiple vulnerabilities	Nessus	Web Servers	5/23/2024	3/13/2025	critical
245101	Linux Distros Unpatched Vulnerability : CVE-2020-1938	Nessus	Misc.	8/7/2025	8/7/2025	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical