In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3467 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

    * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS     (CVE-2021-3597)

    * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

    * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

    * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3468 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

    * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS     (CVE-2021-3597)

    * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

    * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

    * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3466 advisory.

    This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

    * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS     (CVE-2021-3597)

    * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

    * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

    * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2020 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:

  - A temp directory creation vulnerability in the bundled Guava component that allows a low privileged attacker     with logon access to the infrastructure where Oracle WebLogic Server executes to gain read access to a subset of     data accessible to Oracle WebLogic Server. (CVE-2020-8908)

  - An improper input validation flaw in the bundled JBoss Enterprise Application Platform that allows an     unauthenticated attacker with network access via HTTP update, insert or delete access to a subset of data     accessible to Oracle WebLogic Server. (CVE-2021-28170)

  - A cross-site scripting vulnerability in the bundled JQuery component that allows an unauthenticated attacker with     network access via HTTP, with human interaction from another user, update, insert, delete and read access to a     subset of data accessible to Oracle WebLogic Server. (CVE-2021-41184)

  - A denial of service vulnerability in the core component of Oracle WebLogic Server that allows an unauthenticated     attacker with network access via T3/IIOP to cause a hang or frequently repeatable crash of the Oracle WebLogic     Server. (CVE-2022-21441)

  - A vulnerability in the console component of Oracle WebLogic Server that allows an unauthenticated attacker with     network access via HTTP, with human interaction from another user, update, insert, delete and read access to a     subset of the data accessible to Oracle WebLogic Server. (CVE-2022-21453)

  - A SQL injection vulnerability in the bundled Log4J component that allows an unauthenticated attacker with     network access via HTTP to execute arbitrary code on the Oracle WebLogic Server. (CVE-2022-23305)

  - An XML injection vulnerability in the bundled Apache Xerces Java component that allows an unauthenticated attacker     with network access via HTTP, with human interaction from another user, to cause a hang or frequently repeatable     crash of Oracle WebLogic Server. (CVE-2022-23437)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3656 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss     Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes     and enhancements included in this release.

    Security Fix(es):

    * velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

    * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

    * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS     (CVE-2021-3597)

    * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

    * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

    * netty: Request smuggling via content-length header (CVE-2021-21409)

    * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

    * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

    * wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)

    * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3658 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss     Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes     and enhancements included in this release.

    Security Fix(es):

    * velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

    * undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

    * undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS     (CVE-2021-3597)

    * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

    * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)

    * netty: Request smuggling via content-length header (CVE-2021-21409)

    * jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)

    * apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)

    * wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)

    * wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
165158	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 7 (Important) (RHSA-2021:3467)	Nessus	Red Hat Local Security Checks	medium
165138	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8 (Important) (RHSA-2021:3468)	Nessus	Red Hat Local Security Checks	medium
165115	RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6 (Important) (RHSA-2021:3466)	Nessus	Red Hat Local Security Checks	medium
160036	Oracle WebLogic Server (Apr 2022 CPU)	Nessus	Misc.	critical
153835	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 7 (Important) (RHSA-2021:3656)	Nessus	Red Hat Local Security Checks	high
153832	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 8 (Important) (RHSA-2021:3658)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2021-28170

medium

Tenable Plugins

medium

medium

medium

critical

high

high