The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3357 advisory.

    Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly     application runtime.

    This asynchronous patch is an update for Red Hat JBoss Enterprise Application Platform 8.0. See Release     Notes for information about the most     significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator [eap-8.0.z]     (CVE-2024-8447)

    * io.netty/netty: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2024-47535)

    * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash     when using native SSLEngine [eap-8.0.z] (CVE-2025-24970)

    * netty-common: Denial of Service attack on windows app using Netty [eap-8.0.z] (CVE-2025-25193)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-99540 advisory.

  - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in     version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via     SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native     crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of     the native SSLEngine or change the code manually. (CVE-2025-24970)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4548 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.22 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.21, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.22 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash     when using native SSLEngine (CVE-2025-24970)

    * io.netty/netty: Denial of Service attack on windows app using Netty (CVE-2024-47535)

    * netty-common: Denial of Service attack on windows app using Netty (CVE-2025-25193)

    * org.wildfly.core/wildfly-server: Wildfly improper RBAC permission (CVE-2025-23367)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0590-1 advisory.

    - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)
    - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)

    Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.

    Other fixes:

    - Fix recycling in CodecOutputList.
    - StreamBufferingEncoder: do not send header frame with priority by default.
    - Notify event loop termination future of unexpected exceptions.
    - Fix AccessControlException in GlobalEventExecutor.
    - AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.
    - Support BouncyCastle FIPS for reading PEM files.
    - Dns: correctly encode DnsPtrRecord.
    - Provide Brotli settings without com.aayushatharva.brotli4j dependency.
    - Make DefaultResourceLeak more resilient against OOM.
    - OpenSslSession: add support to defensively check for peer certs.
    - SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException.
    - Correcly handle comments appended to nameserver declarations.
    - PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the     global header.
    - PcapWriteHandler: allow output of PCAP files larger than 2GB.
    - Fix bugs in BoundedInputStream.
    - Fix HTTP header validation bug.
    - AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...).
    - AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced.
    - Only try to use Zstd and Brotli if the native libs can be loaded.
    - Bump BlockHound version to 1.0.10.RELEASE.
    - Add details to TooLongFrameException message.
    - AdaptivePoolingAllocator: correctly reuse chunks.
    - AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
    - AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue.
    - Fix several memory management (leaks and missing checks) issues.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16207 advisory.

  - Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in     version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via     SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native     crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of     the native SSLEngine or change the code manually. (CVE-2025-24970)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Coherence installed on the remote host is affected by a vulnerability as referenced in the April 2025 CPU advisory.

  - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party     (Netty)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise     Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause     a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. (CVE-2025-24970, CVE-2025-25193)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4550 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.22 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.21, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.22 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash     when using native SSLEngine (CVE-2025-24970)

    * io.netty/netty: Denial of Service attack on windows app using Netty (CVE-2024-47535)

    * netty-common: Denial of Service attack on windows app using Netty (CVE-2025-25193)

    * org.wildfly.core/wildfly-server: Wildfly improper RBAC permission (CVE-2025-23367)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3465 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.

    Security Fix(es):

    * io.netty/netty: Denial of Service attack on windows app using Netty (CVE-2024-47535)

    * netty-common: Denial of Service attack on windows app using Netty (CVE-2025-25193)

    * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash     when using native SSLEngine (CVE-2025-24970)

    * org.wildfly.core/wildfly-server: Wildfly improper RBAC permission (CVE-2025-23367)

    A Red Hat Security Bulletin which addresses further details about this flaw is available in the References     section.

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4549 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.22 serves as a     replacement for Red Hat JBoss Enterprise Application Platform 7.4.21, and includes bug fixes and     enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.22 Release Notes for information     about the most significant bug fixes and enhancements included in this release.

    Security Fix(es):

    * io.netty/netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash     when using native SSLEngine (CVE-2025-24970)

    * io.netty/netty: Denial of Service attack on windows app using Netty (CVE-2024-47535)

    * netty-common: Denial of Service attack on windows app using Netty (CVE-2025-25193)

    * org.wildfly.core/wildfly-server: Wildfly improper RBAC permission (CVE-2025-23367)     For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
233543	RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0.6 (RHSA-2025:3357)	Nessus	Red Hat Local Security Checks	3/29/2025	6/5/2025	medium
236969	Atlassian Confluence 7.19.x < 8.5.20 / 8.6.x < 9.2.2 / 9.3.x < 9.3.2 DoS (CONFSERVER-99540)	Nessus	CGI abuses	5/20/2025	5/23/2025	high
235382	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.22 (RHSA-2025:4548)	Nessus	Red Hat Local Security Checks	5/6/2025	6/5/2025	medium
216507	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2025:0590-1)	Nessus	SuSE Local Security Checks	2/20/2025	3/27/2025	medium
237197	Atlassian Jira Service Management Data Center and Server 5.11.3 < 5.12.20 / < 5.12.22 / 5.13.x < 10.3.5 / 10.4.x < 10.6.0 (JSDSERVER-16207)	Nessus	Misc.	5/23/2025	5/23/2025	high
234552	Oracle Coherence (April 2025 CPU)	Nessus	Misc.	4/17/2025	4/17/2025	high
235384	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.22 (RHSA-2025:4550)	Nessus	Red Hat Local Security Checks	5/6/2025	6/5/2025	medium
233918	RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.21 (RHSA-2025:3465)	Nessus	Red Hat Local Security Checks	4/5/2025	6/5/2025	medium
235383	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.22 (RHSA-2025:4549)	Nessus	Red Hat Local Security Checks	5/6/2025	6/5/2025	medium

Detections

Analytics

Plugins Search

medium

high

medium

medium

high

high

medium

medium

medium