The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1818 advisory.

    Red Hat JBoss Enterprise Application Platform 6 is a platform for Java     applications based on JBoss Application Server 7.

    A resource consumption issue was found in the way Xerces-J handled XML     declarations. A remote attacker could use an XML document with a specially     crafted declaration using a long pseudo-attribute name that, when parsed by     an application using Xerces-J, would cause that application to use an     excessive amount of CPU. (CVE-2013-4002)

    This release of JBoss Enterprise Application Platform also includes bug     fixes and enhancements. A list of these changes is available from the JBoss     Enterprise Application Platform 6.3.2 Downloads page on the Customer     Portal.

    All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat     Enterprise Linux 6 are advised to upgrade to these updated packages.
    The JBoss server process must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.3.2 update (Moderate) (RHSA-2014:1818)

medium Nessus Plugin ID 79115

Version 1.15