The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0455 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache     Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3,     and includes enhancements.

    Security Fix(es):

    * It was reported that the Tomcat init script performed unsafe file handling, which could result in local     privilege escalation. (CVE-2016-1240)

    * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat     initialization script as writeable to the tomcat group. A member of the group or a malicious web     application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)

    * The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427.
    JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a     Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this     flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)

    * A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of     the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file     if the boundary was the typical tens of bytes long. (CVE-2016-3092)

    * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This     could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a     different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the     attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests     other then their own. (CVE-2016-6816)

    * A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to     the current Processor object being added to the Processor cache multiple times allowing information     leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)

    * The Realm implementations did not process the supplied password if the supplied user name did not exist.
    This made a timing attack possible to determine valid user names. Note that the default configuration     includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)

    * It was discovered that a malicious web application could bypass a configured SecurityManager via a     Tomcat utility method that was accessible to web applications. (CVE-2016-5018)

    * It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature     for configuration files could be used by a malicious web application to bypass the SecurityManager and     read system properties that should not be visible. (CVE-2016-6794)

    * It was discovered that a malicious web application could bypass a configured SecurityManager via     manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

    * It was discovered that it was possible for a web application to access any global JNDI resource whether     an explicit ResourceLink had been configured or not. (CVE-2016-6797)

    The CVE-2016-6325 issue was discovered by Red Hat Product Security.

    Enhancement(s):

    This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6.
    These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.
    (JIRA#JWS-267)

    Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this     enhancement.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455)

critical Nessus Plugin ID 97595

Version 3.14

Version 3.13

Version 3.12

Version 3.14 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 3.13 Apr 25, 2024, 2:46 AM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404250246
Version 3.12 May 14, 2023, 12:09 PM CISA reference CVSS metrics ("CVSSv2 score" changed from 7.8 to 7.5. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C" to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv2 score source (set to "CVE-2016-8735") CVSSv3 score source (set to "CVE-2016-8735") Exploit attributes ("Exploit framework metasploit" set to "True". "Exploited by malware" set to "True") Plugin Feed: 202305141209