The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0726-1 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26,     which fixes the issue. (CVE-2024-26308)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-561 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-560 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory:

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (handlebars)).     Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows \     unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of     this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2021-23369)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty     Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset     of Oracle WebLogic Server accessible data. (CVE-2023-2976)

  - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). The     supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can     result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic     Server. (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component:
    Load Testing for Web Apps (Apache Commons Compress)). The supported version that is affected is 13.3.0.1.
    Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where     Oracle Application Testing Suite executes to compromise Oracle Application Testing Suite. Successful     attacks require human interaction from a person other than the attacker. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of Oracle Application Testing Suite. (CVE-2023-42503, CVE-2024-26308, CVE-2024-25710)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation     can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document     Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16,     21.12.0-21.12.17, 22.12.0-22.12.12 and 23.12.0-23.12.3. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of     this vulnerability can result in unauthorized update, insert or delete access to some of Primavera     Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible     data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.
    (CVE-2023-50298)

  - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document     Management (Apache Solr)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16,     21.12.0-21.12.17, 22.12.0-22.12.12 and  23.12.0-23.12.3. Easily exploitable vulnerability allows low     privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of     this vulnerability can result in unauthorized update, insert or delete access to some of Primavera     Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible     data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.
    (CVE-2023-50386)

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This     issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to     version 1.26.0 which fixes the issue. (CVE-2024-25710)

  - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue     affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26,     which fixes the issue. (CVE-2024-26308)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2493 advisory.

  - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue     affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version     1.26.0 which fixes the issue. (CVE-2024-25710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
199859	RHEL 6 : commons-compress (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	6/3/2024	6/3/2024	medium
191447	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Java (SUSE-SU-2024:0726-1)	Nessus	SuSE Local Security Checks	3/1/2024	3/1/2024	medium
192448	Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2024-561)	Nessus	Amazon Linux Local Security Checks	3/21/2024	3/21/2024	medium
192455	Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2024-560)	Nessus	Amazon Linux Local Security Checks	3/21/2024	3/21/2024	medium
193425	Oracle WebLogic Server (April 2024 CPU)	Nessus	Misc.	4/17/2024	10/18/2024	critical
209387	Oracle Application Testing Suite (October 2024 CPU)	Nessus	Misc.	10/21/2024	10/21/2024	medium
193436	Oracle Primavera Unifier (April 2024 CPU)	Nessus	CGI abuses	4/17/2024	10/23/2024	high
192216	Amazon Linux 2 : apache-commons-compress (ALAS-2024-2493)	Nessus	Amazon Linux Local Security Checks	3/18/2024	3/18/2024	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

critical

medium

high

medium