The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2186 advisory.

    This release adds the new Apache HTTP Server 2.4.29 packages that are part     of the JBoss Core Services offering.

    This release serves as a replacement for Red Hat JBoss Core Services     Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for     information on the most significant bug fixes,     enhancements and component upgrades included in this release.

    This release upgrades OpenSSL to version 1.0.2.n

    Security Fix(es):

    *  openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() (CVE-2016-2182)

    *  openssl: Insufficient TLS session ticket HMAC length checks (CVE-2016-6302)

    *  openssl: certificate message OOB reads (CVE-2016-6306)

    *  openssl: Carry propagating bug in Montgomery multiplication (CVE-2016-7055)

    *  openssl: Truncated packet could crash via OOB read (CVE-2017-3731)

    *  openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

    *  openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

    *  openssl: Read/write after SSL object in error state (CVE-2017-3737)

    *  openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

    Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306     and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of     CVE-2016-6306.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 (RHSA-2018:2186)

critical Nessus Plugin ID 111147

Version 1.9

Version 1.8

Version 1.7

Version 1.9 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.8 Sep 4, 2024, 9:21 AM Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202409040921
Version 1.7 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2016-2182") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425