The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

Note that Nessus relies on the presence of the package as reported by the vendor.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-561 advisory.

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0.

    Users are recommended to upgrade to version 1.26.0 which fixes the issue. (CVE-2024-25710)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0726-1 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26,     which fixes the issue. (CVE-2024-26308)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2025 CPU advisory, as follows:

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: Composer, Common (Apache Commons Compress)). The supported version that is affected     is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the     infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business     Process Management Suite. Successful attacks require human interaction from a person other than the     attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang     or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. (CVE-2024-25710)

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: Plugins (Apache FOP)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle     Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized     access to critical data or complete access to all Oracle Business Process Management Suite accessible     data. (CVE-2024-28168)

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component:
    Composer, Third Party (Apache Avro)). The supported version that is affected is 12.2.1.4.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle     Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized     update, insert or delete access to some of Oracle Business Process Management Suite accessible data as     well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data     and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Process     Management Suite. (CVE-2024-47561)

  - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware     (component: Runtime Engine (Apache Mina)). Supported versions that are affected are 12.2.1.4.0 and     14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via     HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability     can result in takeover of Oracle Business Process Management Suite. (CVE-2024-52046)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-560 advisory.

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0.

    Users are recommended to upgrade to version 1.26.0 which fixes the issue. (CVE-2024-25710)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (handlebars)).     Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows \     unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of     this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2021-23369)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty     Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset     of Oracle WebLogic Server accessible data. (CVE-2023-2976)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). The     supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic     Server. (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2493 advisory.

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0.

    Users are recommended to upgrade to version 1.26.0 which fixes the issue. (CVE-2024-25710)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98680 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:
    Load Testing for Web Apps (Apache Commons Compress)). The supported version that is affected is 13.3.0.1.
    Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where     Oracle Application Testing Suite executes to compromise Oracle Application Testing Suite. Successful     attacks require human interaction from a person other than the attacker. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Oracle Application Testing Suite. (CVE-2023-42503, CVE-2024-26308, CVE-2024-25710)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation     can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document     Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16,     21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of     this vulnerability can result in unauthorized update, insert or delete access to some of Primavera     Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible     data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.
    (CVE-2023-50298)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document     Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16,     21.12.0-21.12.17, 22.12.0-22.12.12 and  23.12.0-23.12.3. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of     this vulnerability can result in unauthorized update, insert or delete access to some of Primavera     Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible     data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.
    (CVE-2023-50386)

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This     issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to     version 1.26.0 which fixes the issue. (CVE-2024-25710)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue     affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26,     which fixes the issue. (CVE-2024-26308)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
228242	Linux Distros Unpatched Vulnerability : CVE-2024-25710	Nessus	Misc.	3/5/2025	3/5/2025	medium
192448	Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-561)	Nessus	Amazon Linux Local Security Checks	3/21/2024	12/11/2024	medium
191447	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:0726-1)	Nessus	SuSE Local Security Checks	3/1/2024	3/1/2024	medium
234503	Oracle Business Process Management Suite (April 2025 CPU)	Nessus	Misc.	4/16/2025	4/17/2025	critical
192455	Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2024-560)	Nessus	Amazon Linux Local Security Checks	3/21/2024	12/11/2024	medium
193425	Oracle WebLogic Server (April 2024 CPU)	Nessus	Misc.	4/17/2024	10/18/2024	critical
192216	Amazon Linux 2 : apache-commons-compress (ALAS-2024-2493)	Nessus	Amazon Linux Local Security Checks	3/18/2024	12/11/2024	medium
214071	Atlassian Confluence 7.14.x < 7.19.25 / 7.20.x < 8.5.12 / 8.6.x < 8.9.4 / 9.2.0 (CONFSERVER-98680)	Nessus	CGI abuses	1/14/2025	1/14/2025	medium
209387	Oracle Application Testing Suite (October 2024 CPU)	Nessus	Misc.	10/21/2024	10/21/2024	medium
193436	Oracle Primavera Unifier (April 2024 CPU)	Nessus	CGI abuses	4/17/2024	10/23/2024	high

Detections

Analytics

Plugins Search

medium

medium

medium

critical

medium

critical

medium

medium

medium

high