The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - webkitgtk: heap-based buffer overflow (WSA-2015-0001) (CVE-2014-1303)

  - webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)

  - Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a     denial of service or possibly have unspecified other impact via vectors related to the handling of input.
    (CVE-2013-2871)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

Detections

Analytics

RHEL 7 : webkitgtk (Unpatched Vulnerability)

critical Nessus Plugin ID 199451

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Oct 8, 2024, 5:16 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202410080516
Version 1.2 Jun 4, 2024, 8:32 AM Exploit attributes ("Exploit framework metasploit" set to "True") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202406040832
Version 1.1 Jun 4, 2024, 3:18 AM New Plugin Feed: 202406040318