The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1451 advisory.

    The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise     Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

    With this update, the jboss-ec2-eap package has been updated to ensure     compatibility with Red Hat JBoss Enterprise Application Platform 6.4.19.

    Security Fix(es):

    * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)     (CVE-2017-15095)

    * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for     CVE-2017-15095) (CVE-2017-17485)

    * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution     (CVE-2018-8088)

    * Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)

    * solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)

    * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure     of resources (CVE-2018-1304)

    * jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries     (CVE-2018-7489)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from     360 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : eap6-jboss-ec2-eap (RHSA-2018:1451)

critical Nessus Plugin ID 109838

Version 1.8