A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

An update of the apache package has been released.

The version of AOS installed on the remote host is prior to 6.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.4 advisory.

  - The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path,     leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in     /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an     incomplete fix for CVE-2016-10009. (CVE-2023-38408)

  - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting     in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note     that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is     not enabled by default and must be explicitly configured. (CVE-2023-24998)

  - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting     methods by supplying a URL that starts with blank characters. (CVE-2023-24329)

  - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations,     impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

  - Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility     (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable     Runtime Utility (APR-util) 1.6.1 and prior versions. (CVE-2022-25147)

  - Every `named` instance configured to run as a recursive resolver maintains a cache database holding the     responses to the queries it has recently sent to authoritative servers. The size limit for that cache     database can be configured using the `max-cache-size` statement in the configuration file; it defaults to     90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the     configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets     from the cache, to keep memory use below the configured limit. It has been discovered that the     effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the     resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size`     limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0     through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
    (CVE-2023-2828)

  - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

  - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the     function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated     identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to     all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to     Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java     applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java     sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component,     e.g., through a web service which supplies data to the APIs. (CVE-2023-21930)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21937)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). (CVE-2023-21938)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or     delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This     vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2023-21939)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21954)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21967)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.7 advisory.

  - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting     in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note     that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is     not enabled by default and must be explicitly configured. (CVE-2023-24998)

  - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations,     impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

  - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory     writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110,     Thunderbird < 102.8, and Firefox ESR < 102.8. (CVE-2023-0767)

  - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a     large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some     common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g.,     see the nodejs/node reference). (CVE-2022-37434)

  - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap     buffer overflow when octet-counted framing is used. This can result in a segfault or some other     malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But     there may still be a slight chance for experts to do that. The bug occurs when the octet count is read.
    While there is a check for the maximum number of octets, digits are written to a heap buffer even when the     octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence     of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote     exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing     modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`,     `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to     directly expose them to the public. When this practice is followed, the risk is considerably lower. Module     `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present     on any production installation. Octet-counted framing is not very common. Usually, it needs to be     specifically enabled at senders. If users do not need it, they can turn it off for the most important     modules. This will mitigate the vulnerability. (CVE-2022-24903)

  - Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer     underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the     total_len value may end up wrapping around to a small integer number which will be used in memory     allocation. If the attack succeeds in such way, subsequent operations can write past the end of the     buffer. (CVE-2022-28733)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM     Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to     all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to     Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java     applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java     sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component,     e.g., through a web service which supplies data to the APIs. (CVE-2023-21930)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21937)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not     apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed     by an administrator). (CVE-2023-21938)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability     allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or     delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This     vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start     applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the     internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using     APIs in the specified Component, e.g., through a web service which supplies data to the APIs.
    (CVE-2023-21939)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability     allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21954)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18,     17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE,     Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized     ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM     Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21967)

  - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE     (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf,     11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition     accessible data. Note: This vulnerability applies to Java deployments, typically in clients running     sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g.,     code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also     be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to     the APIs. (CVE-2023-21968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This Solaris system is missing necessary patches to address critical security updates :

  - Vulnerability in the MySQL Enterprise Monitor product of     Oracle MySQL (component: Monitoring: General (Apache     Tomcat)). Supported versions that are affected are     8.0.34 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     multiple protocols to compromise MySQL Enterprise     Monitor. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Enterprise Monitor. CVSS 3.1 Base Score 7.5     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-28709)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Client programs). Supported versions     that are affected are 5.7.41 and prior and 8.0.32 and     prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     require human interaction from a person other than the     attacker. Successful attacks of this vulnerability can     result in takeover of MySQL Server. CVSS 3.1 Base Score     7.1 (Confidentiality, Integrity and Availability     impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
    (CVE-2023-21980)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows low privileged attacker     with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 6.5 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21946)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: DDL). Supported versions that     are affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server as well as unauthorized update, insert or delete     access to some of MySQL Server accessible data. CVSS 3.1     Base Score 5.5 (Integrity and Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
    (CVE-2023-21929)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: InnoDB). Supported versions that are     affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21911)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and     prior. Easily exploitable vulnerability allows high     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21962)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: DDL). Supported versions that     are affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21919)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: DDL). Supported versions that     are affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21933)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: DML). Supported versions that     are affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21972)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: JSON). Supported versions that     are affected are 8.0.32 and prior. Easily exploitable     vulnerability allows high privileged attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 4.9 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21966)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21920)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21935)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21945)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21976)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21977)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Optimizer). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21982)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Partition). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21953)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Partition). Supported versions     that are affected are 8.0.32 and prior. Easily     exploitable vulnerability allows high privileged     attacker with network access via multiple protocols to     compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.9     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21955)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and     prior. Difficult to exploit vulnerability allows high     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.4     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21940)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Components Services).
    Supported versions that are affected are 8.0.32 and     prior. Difficult to exploit vulnerability allows high     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized ability     to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. CVSS 3.1 Base Score 4.4     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21947)

  - Vulnerability in the Oracle Communications Diameter     Signaling Router product of Oracle Communications     (component: Virtual Network Function Manager (git)). The     supported version that is affected is 8.6.0.0. Easily     exploitable vulnerability allows unauthenticated     attacker with logon to the infrastructure where Oracle     Communications Diameter Signaling Router executes to     compromise Oracle Communications Diameter Signaling     Router. Successful attacks require human interaction     from a person other than the attacker. Successful     attacks of this vulnerability can result in takeover of     Oracle Communications Diameter Signaling Router. CVSS     3.1 Base Score 7.8 (Confidentiality, Integrity and     Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
    (CVE-2023-29007)

  - Vulnerability in the MySQL Workbench product of Oracle     MySQL (component: Workbench (libxml2)). Supported     versions that are affected are 8.0.33 and prior. Easily     exploitable vulnerability allows unauthenticated     attacker with network access via MySQL Workbench to     compromise MySQL Workbench. Successful attacks require     human interaction from a person other than the attacker.
    Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of MySQL Workbench. CVSS     3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).
    (CVE-2023-28484)

  - Vulnerability in the Oracle Retail Advanced Inventory     Planning product of Oracle Retail Applications     (component: Operations & Maintenance (zlib)). Supported     versions that are affected are 15.0 and 16.0. Easily     exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise     Oracle Retail Advanced Inventory Planning. Successful     attacks of this vulnerability can result in takeover of     Oracle Retail Advanced Inventory Planning. CVSS 3.1 Base     Score 9.8 (Confidentiality, Integrity and Availability     impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
    (CVE-2022-37434)

  - Vulnerability in the Oracle Enterprise Operations     Monitor product of Oracle Communications (component:
    Mediation Engine (OpenSSL)). Supported versions that are     affected are 5.0 and 5.1. Easily exploitable     vulnerability allows unauthenticated attacker with     network access via TLS to compromise Oracle Enterprise     Operations Monitor. Successful attacks of this     vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete     DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1     Base Score 7.5 (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-0215)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Packaging (cURL)). Supported     versions that are affected are 5.7.41 and prior and     8.0.32 and prior. Easily exploitable vulnerability     allows unauthenticated attacker with network access via     multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in     unauthorized access to critical data or complete access     to all MySQL Server accessible data. CVSS 3.1 Base Score     7.5 (Confidentiality impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
    (CVE-2022-43551)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Server: Security: Privileges).
    Supported versions that are affected are 5.7.41 and     prior and 8.0.30 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with     network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or     frequently repeatable crash (complete DOS) of MySQL     Server. CVSS 3.1 Base Score 7.5 (Availability impacts).
    CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-21912)

  - Vulnerability in the MySQL Server product of Oracle     MySQL (component: Client programs). Supported versions     that are affected are 5.7.41 and prior and 8.0.32 and     prior. Difficult to exploit vulnerability allows low     privileged attacker with network access via multiple     protocols to compromise MySQL Server. Successful attacks     require human interaction from a person other than the     attacker. Successful attacks of this vulnerability can     result in takeover of MySQL Server. CVSS 3.1 Base Score     7.1 (Confidentiality, Integrity and Availability     impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
    (CVE-2023-21980)

  - Vulnerability in the Oracle Communications Diameter     Signaling Router product of Oracle Communications     (component: Virtual Network Function Manager (Libwebp)).
    The supported version that is affected is 8.6.0.0.
    Easily exploitable vulnerability allows unauthenticated     attacker with network access via HTTP to compromise     Oracle Communications Diameter Signaling Router.
    Successful attacks of this vulnerability can result in     unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of Oracle Communications     Diameter Signaling Router. CVSS 3.1 Base Score 7.5     (Availability impacts). CVSS Vector:
    (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
    (CVE-2023-1999)

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July CPU advisory.

  - Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that     are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged     attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise     Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to     cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). (CVE-2022-43680)

  - Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions     that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows     unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option.
    Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of Advanced Networking Option accessible data. (CVE-2023-21949)

  - Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are     affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged     attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit.
    Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification     access to critical data or all Unified Audit accessible data. (CVE-2023-22034)

  - Security-in-depth updates for CVE-2021-3520, CVE-2022-21189, CVE-2022-45143, CVE-2023-24998, CVE-2023-28708,     CVE-2023-28709, CVE-2023-30533 and CVE-2023-34981

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AOS installed on the remote host is prior to 6.6.2.7. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.7 advisory.

  - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting     in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note     that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is     not enabled by default and must be explicitly configured. (CVE-2023-24998)

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

  - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the     X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2,     10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This     could result in the user agent transmitting the session cookie over an insecure channel. (CVE-2023-28708)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is 8.5.88, 9.0.74, 10.1.8 or 11.0.0-M5. The fix for bug 66512 introduced a regression that was fixed as bug 66591. The regression meant that, if a response did not have any HTTP headers set, no AJP SEND_HEADERS message would be sent which in turn meant that at least one AJP based proxy (mod_proxy_ajp) would use the response headers from the previous request for the current request leading to an information leak.

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 8.5.89. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.89_security-8 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 10.1.9. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.9_security-10 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 9.0.75. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.75_security-9 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache Tomcat installed on the remote host is < 11.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.0-m6_security-11 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 8.5.89. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_8.5.89_security-8 advisory.

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 11.0.0-M6. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_11.0.0-m6_security-11 advisory.

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 9.0.75. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.75_security-9 advisory.

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Tomcat installed on the remote host is prior to 10.1.9. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.9_security-10 advisory.

  - A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if     a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response     which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the     previous request leading to an information leak. (CVE-2023-34981)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
204237	Photon OS 5.0: Apache PHSA-2023-5.0-0093	Nessus	PhotonOS Local Security Checks	high
204192	Photon OS 4.0: Apache PHSA-2023-4.0-0466	Nessus	PhotonOS Local Security Checks	high
182975	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.4)	Nessus	Misc.	critical
180467	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.7)	Nessus	Misc.	critical
178628	Oracle Solaris Critical Patch Update : jul2023_SRU11_4_59_144_2	Nessus	Solaris Local Security Checks	critical
178468	Oracle Database Server (Jul 2023 CPU)	Nessus	Databases	critical
178215	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.7)	Nessus	Misc.	high
113963	Apache Tomcat 8.5.88 Information Disclosure	Web App Scanning	Component Vulnerability	high
113962	Apache Tomcat 9.0.74 Information Disclosure	Web App Scanning	Component Vulnerability	high
113961	Apache Tomcat 10.1.8 Information Disclosure	Web App Scanning	Component Vulnerability	high
113960	Apache Tomcat 11.0.0-M5 Information Disclosure	Web App Scanning	Component Vulnerability	high
701440	Apache Tomcat < 8.5.89 Vulnerability	Nessus Network Monitor	Web Servers	medium
701439	Apache Tomcat < 10.1.9 Vulnerability	Nessus Network Monitor	Web Servers	medium
701438	Apache Tomcat < 9.0.75 Vulnerability	Nessus Network Monitor	Web Servers	medium
701437	Apache Tomcat < 11.0.0-M6 Vulnerability	Nessus Network Monitor	Web Servers	medium
177470	Apache Tomcat 8.5.0 < 8.5.89	Nessus	Web Servers	high
177469	Apache Tomcat 11.0.0-M1 < 11.0.0-M6	Nessus	Web Servers	high
177468	Apache Tomcat 9.0.0 < 9.0.75	Nessus	Web Servers	high
177467	Apache Tomcat 10.1.0 < 10.1.9	Nessus	Web Servers	high

Detections

Analytics

CVE-2023-34981

high

Tenable Plugins

high

high

critical

critical

critical

critical

high

high

high

high

high

medium

medium

medium

medium

high

high

high

high