The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1297 advisory.

    Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This     software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged     under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent     update experience.

    This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update     to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked     to in the References section.

    Security Fix(es):

    * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client     to hang (CVE-2018-0732)

    * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

    * httpd: privilege escalation from modules scripts (CVE-2019-0211)

    Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can     be found on the CVE pages listed in the References section below.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)

high Nessus Plugin ID 125616

Version 1.12

Version 1.10

Version 1.9

Version 1.12 Nov 7, 2024, 2:42 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411070242
Version 1.10 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 1.9 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101