The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3288 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3288-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                  Roberto C. Snchez     January 28, 2023                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : curl     Version        : 7.64.0-4+deb10u4     CVE ID         : CVE-2022-27774 CVE-2022-32221 CVE-2022-35252 CVE-2022-43552     Debian Bug     :

    Several vulnerabilities were discovered in Curl, an easy-to-use client-side     URL transfer library, which could result in denial of service or     information disclosure.

    This update also revises the fix for CVE-2022-27782 released in DLA-3085-1.

    For Debian 10 buster, these problems have been fixed in version     7.64.0-4+deb10u4.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of cmake / curl / mysql / rust / tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43552 advisory.

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Siemens SINEC NMS installed on the remote host is prior to 1.0.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-892048 advisory.

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing a 'sister site to deny service to all siblings. (CVE-2022-35252)

  - curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095     consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based     buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a     segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide     a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-     of-service. (CVE-2022-35260)

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

  - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-     HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and     then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often     only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200     status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in     curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap,     ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0. (CVE-2022-42915)

  - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS     support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step)     even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL     uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using     the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.).
    The earliest affected version is 7.77.0 2021-05-26. (CVE-2022-42916)

  - A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP.
    Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP     step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name     in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN     conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full     stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text     transfer. Because it would store the info IDN encoded but look for it IDN decoded. (CVE-2022-43551)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2478 advisory.

    - fix HTTP multi-header compression denial of service (CVE-2023-23916)
    - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
    - fix POST following PUT confusion (CVE-2022-32221)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2963 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)

    * curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are     affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with     authentication could leak credentials to other services that exist on different protocols or port numbers.
    (CVE-2022-27774)

  - A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or     cookie header data on HTTP redirects to the same host but another port number. (CVE-2022-27776)

  - curl < 7.84.0 supports 'chained' HTTP compression algorithms, meaning that a serverresponse can be     compressed multiple times and potentially with different algorithms. The number of acceptable 'links' in     this 'decompression chain' was unbounded, allowing a malicious server to insert a virtually unlimited     number of compression steps.The use of such a decompression chain could result in a 'malloc bomb',     makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of     memory errors. (CVE-2022-32206)

  - When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly.
    This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject     data to the client. (CVE-2022-32208)

  - When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to     ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle     previously was used to issue a `PUT` request which used that callback. This flaw may surprise the     application and cause it to misbehave and either send off the wrong data or use memory after free or     similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is     changed from a PUT to a POST. (CVE-2022-32221)

  - When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control     codes that when later are sent back to a HTTPserver might make the server return 400 responses.
    Effectively allowing a'sister site' to deny service to all siblings. (CVE-2022-35252)

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

  - An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the     'chained' HTTP compression algorithms, meaning that a server response can be compressed multiple times and     potentially with differentalgorithms. The number of acceptable 'links' in this 'decompression chain'     wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a     virtually unlimited number of compression steps simply byusing many headers. The use of such a     decompression chain could result in a 'malloc bomb', making curl end up spending enormous amounts of     allocated heap memory, or trying to and returning out of memory errors. (CVE-2023-23916)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of AHV installed on the remote host is prior to 20220304.480. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.480 advisory.

  - An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to     potentially access sensitive information. (CVE-2023-20593)

  - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x     before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If     a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly,     there is a brief window where the SSLSocket instance will detect the socket as not connected and won't     initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not     be authenticated if the server-side TLS peer is expecting client certificate authentication, and is     indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the     buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path     requires that the connection be closed on initialization of the SSLSocket.) (CVE-2023-40217)

  - A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all     protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations.
    When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct     after it had been freed, in its transfer shutdown code path. (CVE-2022-43552)

  - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address     prediction. This may result in speculative execution at an attacker-controlled address, potentially     leading to information disclosure. (CVE-2023-20569)

  - The code that processes control channel messages sent to `named` calls certain functions recursively     during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on     the environment, this may cause the packet-parsing code to run out of available stack memory, causing     `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its     contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key;
    only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9     versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through     9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. (CVE-2023-3341)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0428 advisory.

    The curl packages provide the libcurl library and the curl utility for downloading files from servers     using various protocols, including HTTP, FTP, and LDAP.

    Security Fix(es):

    * curl: FTP too eager connection reuse (CVE-2023-27535)

    * curl: GSS delegation too eager connection re-use (CVE-2023-27536)

    * curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)

    * curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)

    * curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

    * curl: more POST-after-PUT confusion (CVE-2023-28322)

    Bug Fix(es):

    * Cannot upload files bigger than 64K to SSH-2.0-9.99 sshlib server, transfer hangs (RHEL-5483)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is prior to 7.61.1-12.104. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1729 advisory.

    A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it     supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP     error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a     heap-allocated struct after it has been freed and shut down the code path in its transfer.
    (CVE-2022-43552)

    curl: HTTP multi-header compression denial of service (CVE-2023-23916)

    The curl advisory describes this issue as follows:

    curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of     URLs: a tilde (~) character as the first path element in the path to denotes a path relative to the user's     home directory. This is supported because of wording in the once proposed to-become RFC draft that was to     dictate how SFTP URLs work.

    Due to a bug, the handling of the tilde in SFTP path did however not only replace it when it is used     stand-alone as the first path element but also wrongly when used as a mere prefix in the first element.

    Using a path like /~2/foo when accessing a server using the user dan (with home directory /home/dan) would     then quite surprisingly access the file /home/dan2/foo.

    This can be taken advantage of to circumvent filtering or worse. (CVE-2023-27534)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This Solaris system is missing necessary patches to address critical security updates :

  - Vulnerability in the Oracle Solaris product of Oracle     Systems (component: Device Driver Interface). The     supported version that is affected is 11. Easily     exploitable vulnerability allows low privileged attacker     with logon to the infrastructure where Oracle Solaris     executes to compromise Oracle Solaris. Successful     attacks of this vulnerability can result in takeover of     Oracle Solaris. Note: CVE-2023-22023 is equivalent to     CVE-2023-31284. CVSS 3.1 Base Score 7.8     (Confidentiality, Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2023-22023)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Security     (OpenSSL)). Supported versions that are affected are     8.58, 8.59 and 8.60. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     TLS to compromise PeopleSoft Enterprise PeopleTools.
    Successful attacks of this vulnerability can result in     unauthorized read access to a subset of PeopleSoft     Enterprise PeopleTools accessible data. CVSS 3.1 Base     Score 5.3 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-2097)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Connection Handling).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.30 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-21617)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 5.7.39 and prior and 8.0.30 and     prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-21608)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Security: Encryption).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.29 and prior. Easily exploitable     vulnerability allows low privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized read access to a subset of     MySQL Server accessible data. CVSS 3.1 Base Score 4.3     (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-21592)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 5.7.39 and     prior and 8.0.16 and prior. Easily exploitable     vulnerability allows low privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized read access to a subset of     MySQL Server accessible data. CVSS 3.1 Base Score 4.3     (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
    (CVE-2022-21589)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Packaging (cURL)). Supported     versions that are affected are 5.7.41 and prior and     8.0.32 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access     to all MySQL Server accessible data. CVSS 3.1 Base Score     7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
    (CVE-2022-43551)

  - Vulnerability in the Oracle Communications Network     Analytics Data Director product of Oracle Communications     (component: Install/Upgrade (Kerberos)). The supported     version that is affected is 23.1.0. Easily exploitable     vulnerability allows low privileged attacker with     network access via HTTP to compromise Oracle     Communications Network Analytics Data Director.
    Successful attacks of this vulnerability can result in     takeover of Oracle Communications Network Analytics Data     Director. CVSS 3.1 Base Score 8.8 (Confidentiality,     Integrity and Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2022-42898)

  - Vulnerability in the Oracle Outside In Technology     product of Oracle Fusion Middleware (component: Third     Party (SQLite)). The supported version that is affected     is 8.5.6. Easily exploitable vulnerability allows low     privileged attacker with logon to the infrastructure     where Oracle Outside In Technology executes to     compromise Oracle Outside In Technology. Successful     attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical     data or all Oracle Outside In Technology accessible data     as well as unauthorized access to critical data or     complete access to all Oracle Outside In Technology     accessible data and unauthorized ability to cause a     partial denial of service (partial DOS) of Oracle     Outside In Technology. CVSS 3.1 Base Score 7.3     (Confidentiality, Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).
    (CVE-2022-46908)

  - Vulnerability in the Oracle Communications Diameter     Signaling Router product of Oracle Communications     (component: Platform (Microcode Controller)). The     supported version that is affected is 8.6.0.0. Easily     exploitable vulnerability allows low privileged attacker     with logon to the infrastructure where Oracle     Communications Diameter Signaling Router executes to     compromise Oracle Communications Diameter Signaling     Router. Successful attacks of this vulnerability can     result in unauthorized access to critical data or     complete access to all Oracle Communications Diameter     Signaling Router accessible data. CVSS 3.1 Base Score     5.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
    (CVE-2022-21123)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Porting     (Cryptography)). Supported versions that are affected     are 8.59 and 8.60. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     HTTPS to compromise PeopleSoft Enterprise PeopleTools.
    Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of     PeopleSoft Enterprise PeopleTools accessible data and     unauthorized ability to cause a partial denial of     service (partial DOS) of PeopleSoft Enterprise     PeopleTools. CVSS 3.1 Base Score 6.5 (Integrity and     Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
    (CVE-2023-23931)

  - Vulnerability in the PeopleSoft Enterprise PeopleTools     product of Oracle PeopleSoft (component: Porting (Python     setuptools)). Supported versions that are affected are     8.59 and 8.60. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via HTTP to     compromise PeopleSoft Enterprise PeopleTools. Successful     attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash     (complete DOS) of PeopleSoft Enterprise PeopleTools.
    CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS     Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2022-40897)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3354 advisory.

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This     software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged     under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent     update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a     replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug     fixes and enhancements, which are documented in the Release Notes document linked to in the References.

    Security Fix(es):

    * apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
    * curl: HSTS bypass via IDN (CVE-2022-43551)
    * curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
    * curl: HSTS ignored on multiple requests (CVE-2023-23914)
    * curl: HSTS amnesia with --parallel (CVE-2023-23915)
    * curl: HTTP multi-header compression denial of service (CVE-2023-23916)
    * curl: TELNET option IAC injection (CVE-2023-27533)
    * curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
    * httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
    * httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
    * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
170757	Debian dla-3288 : curl - security update	Nessus	Debian Local Security Checks	1/28/2023	1/22/2025	critical
172321	EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1438)	Nessus	Huawei Local Security Checks	3/8/2023	8/31/2023	medium
172887	CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2022-43552)	Nessus	MarinerOS Local Security Checks	3/20/2023	2/10/2025	medium
175628	Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities	Nessus	Windows	5/14/2023	10/23/2023	critical
175713	Oracle Linux 9 : curl (ELSA-2023-2478)	Nessus	Oracle Linux Local Security Checks	5/15/2023	10/22/2024	medium
175857	RHEL 8 : curl (RHSA-2023:2963)	Nessus	Red Hat Local Security Checks	5/16/2023	3/22/2025	medium
177190	EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2235)	Nessus	Huawei Local Security Checks	6/13/2023	6/19/2023	critical
190819	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.480)	Nessus	Misc.	2/20/2024	2/19/2025	critical
189567	RHEL 8 : curl (RHSA-2024:0428)	Nessus	Red Hat Local Security Checks	1/25/2024	11/7/2024	critical
174617	Amazon Linux AMI : curl (ALAS-2023-1729)	Nessus	Amazon Linux Local Security Checks	4/21/2023	12/11/2024	high
178627	Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3	Nessus	Solaris Local Security Checks	7/20/2023	11/16/2023	critical
176683	RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 (RHSA-2023:3354)	Nessus	Red Hat Local Security Checks	6/5/2023	11/7/2024	critical

Detections

Analytics

Plugins Search

critical

medium

medium

critical

medium

medium

critical

critical

critical

high

critical

critical