The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0004 advisory.

  - RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack (CVE-2016-6346)

  - undertow: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666) (CVE-2017-7559)

  - resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)

  - undertow: improper whitespace parsing leading to potential HTTP request smuggling (CVE-2017-12165)

  - EAP-7: Wrong privileges on multiple property files (CVE-2017-12167)

  - jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for     CVE-2016-8656) (CVE-2017-12189)

  - Solr: Code execution via entity expansion (CVE-2017-12629)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.0.9 security update on RHEL 7 (Important) (RHSA-2018:0004)

critical Nessus Plugin ID 105560

Version 3.16

Version 3.15

Version 3.16 Jun 14, 2024, 2:32 PM IAVM reference Plugin Feed: 202406141432
Version 3.15 Apr 28, 2024, 1:01 AM CVSSv2 score source (set to "CVE-2017-12629") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404280101