The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0271 advisory.

    Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss     Application Server.

    This release of Red Hat JBoss Enterprise Application Platform 6.4.19 serves as a replacement for Red Hat     JBoss Enterprise Application Platform 6.4.18, and includes bug fixes and enhancements, which are     documented in the Release Notes document linked to in the References.

    Security Fix(es):

    * It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a     huge byte array is created when receiving an unexpected multicast message. This may result in a heap     memory exhaustion, full GC, or OutOfMemoryError. (CVE-2017-12174)

    * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false     and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code     execution. (CVE-2017-12617)

    * A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions     3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of     service via high CPU caused by an infinite loop. (CVE-2018-1041)

    The CVE-2017-12174 issue was discovered by Masafumi Miura (Red Hat).

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.4.19 (RHSA-2018:0271)

high Nessus Plugin ID 194092

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.2 Apr 29, 2024, 9:06 AM Exploit attributes ("Exploit framework core" set to "True") Exploit attributes ("Exploit framework d2 elliot" set to "True") Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202404290906
Version 1.1 Apr 28, 2024, 10:10 PM CEA reference Plugin Feed: 202404282210
Version 1.0 Apr 28, 2024, 3:17 AM New Plugin Feed: 202404280317