Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory.

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

  - A defect was discovered in the Python ssl module where there is a memory race condition with the     ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if     the methods are called at the same time as certificates are loaded into the SSLContext, such as during the     TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9,     3.12.3, and 3.13.0a5. (CVE-2024-0397)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle TimesTen installed on the remote host is 22.x prior to 22.1.1.7.0.
It is, therefore, affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory

  - Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)).     Supported versions that are affected are 22.1.1.1.0 - 22.1.1.6.0. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory     Database. (CVE-2020-35168)

  - Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)).     (CVE-2022-41881)

  - Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)).
    (CVE-2023-24532)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-2 advisory.

  - Netty is an open-source, asynchronous event-driven network application framework. The package     `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system     temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications     running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like     systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory     between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify     one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the     directory to something that is only readable by the current user. (CVE-2022-24823)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On     7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On     7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory.

    Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides     authentication and standards-based single sign-on capabilities for web and mobile applications.

    This release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On     7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked     to in the References.

    Security Fix(es):

    * okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of IBM Cognos Analytics installed on the remote host is 11.1.x prior to 11.1.7 Fix Pack 7 or 11.2.x prior to 11.2.4 FP1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free     flaw in the xmlXIncludeDoProcess() function in xinclude.c. By sending a specially-crafted file, an attacker could     exploit this vulnerability to execute arbitrary code on the system. (CVE-2021-3518)

  - Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order     hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability     to escalate privileges. (CVE-2022-32223)

  - Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service     (ReDoS) flaw in inline.reflinkSearch. By sending a specially-crafted regex input, a remote attacker could exploit     this vulnerability to cause a denial of service condition. (CVE-2022-21681)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2096-1 advisory.

  - Netty is an open-source, asynchronous event-driven network application framework. The package     `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290.
    When Netty's multipart decoders are used local information disclosure can occur via the local system     temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications     running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like     systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory     between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify     one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the     directory to something that is only readable by the current user. (CVE-2022-24823)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory.

    It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could     possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of     service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-11612)

    It was discovered that Netty created temporary files with excessive permissions. A local attacker could     possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu     18.04 ESM, and Ubuntu 20.04 ESM. (CVE-2021-21290)

    It was discovered that Netty did not properly validate content-length headers. A remote attacker could     possibly use this issue to smuggle requests. This issue was only fixed in Ubuntu 20.04 ESM.
    (CVE-2021-21295, CVE-2021-21409)

    It was discovered that Netty's Bzip2 decompression decoder did not limit the decompressed output data     size. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious     input, leading to a denial of service. This issue only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu     22.04 LTS, and Ubuntu 22.10. (CVE-2021-37136)

    It was discovered that Netty's Snappy frame decoder function did not limit chunk lengths. A remote     attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a     denial of service. (CVE-2021-37137)

    It was discovered that Netty did not properly handle control chars at the beginning and end of header     names. A remote attacker could possibly use this issue to smuggle requests. This issue only affected     Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2021-43797)

    It was discovered that Netty could be made into an infinite recursion when parsing a malformed crafted     message. A remote attacker could possibly use this issue to cause Netty to crash, leading to a denial of     service. This issue only affected Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41881)

    It was discovered that Netty did not validate header values under certain circumstances. A remote attacker     could possibly use this issue to perform HTTP response splitting via malicious header values. This issue     only affected Ubuntu 18.04 ESM, Ubuntu 20.04 ESM, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41915)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the April 2023 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities:

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (Netty)).  Supported versions that are affected are 12.2.1.4.0. Netty project is an event-driven     asynchronous network application framework. In versions prior to 4.1.86.Final, a stack overflow error can be     raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in     version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (XStream)).  Supported versions that are affected are 12.2.1.4.0. Those using Xstream to seralize     XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input,     an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial     of service attack. (CVE-2022-40151)

  - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework     (jackson-databind)). Supported versions that are affected are 12.2.1.4.0. In FasterXML jackson-databind before     2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid     deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in     2.13.4.1 and 2.12.17.1 (CVE-2022-42003)

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

The 12.2.1.4.0 and 14.1.1.0.0 versions of Coherence installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory.

  - Vulnerability in the Netty component of Oracle Coherence 12.2.1.4.0 and 14.1.1.0.0. Netty component is an     event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a     StackOverflowError can be raised when parsing a malformed crafted message due to an  infinite recursion.
    (CVE-2022-41881)

  - Vulnerability in the jackson-databind component of Oracle Coherence 12.2.1.4.0 and 14.1.1.0.0. In FasterXML     jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive     value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is     enabled. (CVE-2022-42003)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

    * hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

    * Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat     JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug     fixes and enhancements included in this release.

    Security Fix(es):

    * SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

    * hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

    * Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime.

    This release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss     Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes     and enhancements included in this release.

    Security Fix(es):

    * SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

    * hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

    * Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)

    * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

    * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)

    * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

    * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

    * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider     (CVE-2022-45787)

    * RESTEasy: creation of insecure temp files (CVE-2023-0482)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3268 advisory.

  - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed     output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are     affected. The malicious input can trigger an OOME and so a DoS attack (CVE-2021-37136)

  - The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory     usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which     may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious     input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable     chunk. (CVE-2021-37137)

  - Netty is an asynchronous event-driven network application framework for rapid development of maintainable     high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when     they are present at the beginning / end of the header name. It should instead fail fast as these are not     allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause     netty to sanitize header names before it forward these to another remote system when used as proxy. This     remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users     should upgrade to version 4.1.71.Final. (CVE-2021-43797)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5316 advisory.

  - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed     output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are     affected. The malicious input can trigger an OOME and so a DoS attack (CVE-2021-37136)

  - The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory     usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which     may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious     input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable     chunk. (CVE-2021-37137)

  - Netty is an asynchronous event-driven network application framework for rapid development of maintainable     high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when     they are present at the beginning / end of the header name. It should instead fail fast as these are not     allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause     netty to sanitize header names before it forward these to another remote system when used as proxy. This     remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users     should upgrade to version 4.1.71.Final. (CVE-2021-43797)

  - Netty project is an event-driven asynchronous network application framework. In versions prior to     4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an     infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a     custom HaProxyMessageDecoder. (CVE-2022-41881)

  - Netty project is an event-driven asynchronous network application framework. Starting in version     4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of     values, header value validation was not performed, allowing malicious header values in the iterator to     perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work     around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call, into a     `remove()` call, and call `add()` in a loop over the iterator of values. (CVE-2022-41915)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202724	Oracle Database Server (Jul 2024 CPU)	Nessus	Databases	high
188072	Oracle TimesTen 22.x < 22.1.1.7.0 Multiple Vulnerabilities (July 2023 CPU)	Nessus	Misc.	critical
177502	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-2)	Nessus	SuSE Local Security Checks	medium
175558	RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)	Nessus	Red Hat Local Security Checks	high
175557	RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)	Nessus	Red Hat Local Security Checks	high
175556	RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)	Nessus	Red Hat Local Security Checks	high
175429	IBM Cognos Analytics Multiple Vulnerabilities (6986505)	Nessus	CGI abuses	critical
175387	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2023:2096-1)	Nessus	SuSE Local Security Checks	medium
174932	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)	Nessus	Ubuntu Local Security Checks	medium
174540	Oracle WebCenter Portal Multiple Vulnerabilities (April 2023 CPU)	Nessus	Misc.	medium
174510	Oracle Coherence (Apr 2023 CPU)	Nessus	Misc.	high
173692	RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)	Nessus	Red Hat Local Security Checks	critical
173691	RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)	Nessus	Red Hat Local Security Checks	critical
173690	RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)	Nessus	Red Hat Local Security Checks	critical
170079	Debian DLA-3268-1 : netty - LTS security update	Nessus	Debian Local Security Checks	medium
169929	Debian DSA-5316-1 : netty - security update	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2022-41881

high

Tenable Plugins

high

critical

medium

high

high

high

critical

medium

medium

medium

high

critical

critical

critical

medium

medium