The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2424 advisory.

  - cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)

  - apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

  - guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote     attackers to cause a denial of service (CVE-2018-10237)

  - wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)     (CVE-2018-10862)

  - bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 (RHSA-2018:2424)

critical Nessus Plugin ID 112030

Version 1.11

Version 1.10

Version 1.9

Version 1.8

Version 1.11 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354
Version 1.10 Aug 15, 2024, 7:24 AM Exploit attributes ("Exploit available" set to "False") Exploit attributes ("Exploitability ease" set to "No known exploits are available") Plugin Feed: 202408150724
Version 1.9 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2018-8039") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
Version 1.8 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101