REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory.

  - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that     has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to     fix the vulnerability. (CVE-2024-41946)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6784 advisory.

    * rexml: DoS vulnerability in REXML (CVE-2024-39908)
    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)
    * rexml: DoS vulnerability in REXML (CVE-2024-41946)
    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6785 advisory.

    * rexml: DoS vulnerability in REXML (CVE-2024-39908)
    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)
    * rexml: DoS vulnerability in REXML (CVE-2024-41946)
    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6785 advisory.

    - Fix DoS vulnerability in rexml.
      (CVE-2024-39908)       (CVE-2024-41946)       (CVE-2024-43398)       Resolves: RHEL-57573       Resolves: RHEL-57570       Resolves: RHEL-57578
    - Fix REXML DoS when parsing an XML having many specific characters such as       whitespace character, >] and ]>.
      (CVE-2024-41123)       Resolves: RHEL-57567
    - Fix buffer overread vulnerability in StringIO.
      (CVE-2024-27280)       Resolves: RHEL-37699
    - Fix RCE vulnerability with .rdoc_options in RDoc.
      (CVE-2024-27281)       Resolves: RHEL-37696
    - Fix Arbitrary memory address read vulnerability with Regex search.
      (CVE-2024-27282)       Resolves: RHEL-37698

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6784 advisory.

    - Fix DoS vulnerability in rexml.
      (CVE-2024-39908)       (CVE-2024-41946)       (CVE-2024-43398)       Resolves: RHEL-57049       Resolves: RHEL-57054       Resolves: RHEL-57069
    - Fix REXML DoS when parsing an XML having many specific characters such as       whitespace character, >] and ]>.
      (CVE-2024-41123)       Resolves: RHEL-52783

    rubygem-abrt

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6670 advisory.

    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)
    * rexml: DoS vulnerability in REXML (CVE-2024-41946)
    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6670 advisory.

    [0.10.18-2.0.1.el8_10.2]
    - Replace HAM-logo.png with a generic one

    [0.10.18-2.el8_10.2]
    - Updated rubygem rexml       Resolves: RHEL-52409, RHEL-52788, RHEL-55997

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6703 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)

    * rexml: DoS vulnerability in REXML (CVE-2024-41946)

    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6702 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)

    * rexml: DoS vulnerability in REXML (CVE-2024-41946)

    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6670 advisory.

    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)

    * rexml: DoS vulnerability in REXML (CVE-2024-41946)

    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6670 advisory.

    The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

    Security Fix(es):

    * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace     character, >] and ]> (CVE-2024-41123)

    * rexml: DoS vulnerability in REXML (CVE-2024-41946)

    * rexml: DoS vulnerability in REXML (CVE-2024-43398)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
207763	CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)	Nessus	MarinerOS Local Security Checks	high
207533	AlmaLinux 8 : ruby:3.3 (ALSA-2024:6784)	Nessus	Alma Linux Local Security Checks	high
207529	AlmaLinux 9 : ruby:3.3 (ALSA-2024:6785)	Nessus	Alma Linux Local Security Checks	high
207471	Oracle Linux 9 : ruby:3.3 (ELSA-2024-6785)	Nessus	Oracle Linux Local Security Checks	high
207470	Oracle Linux 8 : ruby:3.3 (ELSA-2024-6784)	Nessus	Oracle Linux Local Security Checks	high
207341	AlmaLinux 8 : pcs (ALSA-2024:6670)	Nessus	Alma Linux Local Security Checks	high
207335	Oracle Linux 8 : pcs (ELSA-2024-6670)	Nessus	Oracle Linux Local Security Checks	high
207320	RHEL 8 : pcs (RHSA-2024:6703)	Nessus	Red Hat Local Security Checks	high
207317	RHEL 8 : pcs (RHSA-2024:6702)	Nessus	Red Hat Local Security Checks	high
207307	Rocky Linux 8 : pcs (RLSA-2024:6670)	Nessus	Rocky Linux Local Security Checks	high
207295	RHEL 8 : pcs (RHSA-2024:6670)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2024-41946

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high