The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2927 advisory.

    Red Hat Satellite is a systems management tool for Linux-based infrastructure.
    It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single     centralized tool.

    Security Fix(es):

    * jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)     (CVE-2017-15095)

    * hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)

    * bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)

    * bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for     injection of unsigned data (CVE-2016-1000338)

    * bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)

    * bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)

    * bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)

    * bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)

    * bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)

    * bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)

    * bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)

    * logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)

    * python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs     (CVE-2017-7233)

    * hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)

    * puppet: Environment leakage in puppet-agent (CVE-2017-10690)

    * Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)

    * foreman: Stored XSS in fact name or value (CVE-2017-15100)

    * pulp: sensitive credentials revealed through the API (CVE-2018-1090)

    * foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)

    * foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)

    * django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)

    * django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and     'truncatewords_html' (CVE-2018-7537)

    * guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote     attackers to cause a denial of service (CVE-2018-10237)

    * bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)

    * bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)

    * puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)

    * bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

    Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for     reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by     Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat     would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.

    Additional Changes:

    This update also fixes several bugs and adds various enhancements. Documentation for these changes is     available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : Satellite 6.4 (RHSA-2018:2927)

critical Nessus Plugin ID 118185

Version 1.11

Version 1.10

Version 1.9

Version 1.11 Mar 16, 2025, 9:10 AM CVE (set "CVE" coverage to "CVE-2015-3208,CVE-2015-6644,CVE-2016-1000338,CVE-2016-1000339,CVE-2016-1000340,CVE-2016-1000341,CVE-2016-1000342,CVE-2016-1000343,CVE-2016-1000344,CVE-2016-1000345,CVE-2016-1000346,CVE-2016-1000352,CVE-2017-5929,CVE-2017-7233,CVE-2017-7536,CVE-2017-10689,CVE-2017-10690,CVE-2017-12175,CVE-2017-15095,CVE-2017-15100,CVE-2018-1090,CVE-2018-1096,CVE-2018-1097,CVE-2018-5382,CVE-2018-6188,CVE-2018-7536,CVE-2018-7537,CVE-2018-10237") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202503160910
Version 1.10 Jul 30, 2024, 7:18 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (changed from "CVE-2018-5382" to "CVE-2017-5929") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202407300718
Version 1.9 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101