The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3420 advisory.

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web     applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster),     the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.

    This release of Red Hat JBoss Web Server 5.7.3 serves as a replacement for Red Hat JBoss Web Server 5.7.2.
    This release includes bug fixes, enhancements and component upgrades, which are documented in the Release     Notes, linked to in the References.

    Security Fix(es):

    * openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
    * openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
    * openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
    * openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of OpenSSL installed on the remote host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability. If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the -policy argument to the command line utilities or by calling either X509_VERIFY_PARAM_add0_policy() or X509_VERIFY_PARAM_set1_policies() functions.

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a     write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results     in a denial of service when the affected process hangs. Policy processing being enabled on a publicly     facing server is not considered to be a common setup. Policy processing is enabled by passing the

    `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()'     function. Update (31 March 2023): The description of the policy processing enablement was corrected based     on CVE-2023-0466. (CVE-2022-3996)

  - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint     checking. Note that this occurs after certificate chain signature verification and requires either a CA to     have signed the malicious certificate or for the application to continue certificate verification despite     failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which     could lead to a denial of service attack. In theory it could also result in the disclosure of private     memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working     exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client,     this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the     server requests client authentication and a malicious client connects. (CVE-2022-4203)

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the name (e.g.
    CERTIFICATE), any header data and the payload data. If the function succeeds then the name_out,     header and data arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the openssl package has been released.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This     script is distributed by some operating systems in a manner where it is automatically executed. On such     operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of     the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). (CVE-2022-1292)

  - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances     where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection     were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other     places in the script where the file names of certificates being hashed were possibly passed to a command     executed through the shell. This script is distributed by some operating systems in a manner where it is     automatically executed. On such operating systems, an attacker could execute arbitrary commands with the     privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the     OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in     OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068)

  - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt     the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was     preexisting in the memory that wasn't written. In the special case of 'in place' encryption, sixteen bytes     of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and     DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q     (Affected 1.1.1-1.1.1p). (CVE-2022-2097)

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the 'name' (e.g.
    'CERTIFICATE'), any header data and the payload data. If the function succeeds then the 'name_out',     'header' and 'data' arguments are populated with pointers to buffers containing the relevant decoded data.
    The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results     in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate     the header argument with a pointer to a buffer that has already been freed. If the caller also frees this     buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an     attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service     attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and     therefore these functions are also directly affected. These functions are also called indirectly by a     number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file()     which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the     caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations     include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL     asn1parse command line application is also impacted by this issue. (CVE-2022-4450)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of AOS installed on the remote host is prior to 6.5.6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6.6 advisory.

  - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient     to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful     decryption an attacker would have to be able to send a very large number of trial messages for decryption.
    The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS     connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An     attacker that had observed a genuine connection between a client and a server could use this flaw to send     trial messages to the server and record the time taken to process them. After a sufficiently large number     of messages the attacker could recover the pre-master secret used for the original connection and thus be     able to decrypt the application data sent over that connection. (CVE-2022-4304)

  - The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is     primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may     also be called directly by end user applications. The function receives a BIO from the caller, prepends a     new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the     BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid,     the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this     case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal     pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then     a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the     internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call     BIO_pop() on the BIO. This internal function is in turn called by the public API functions     PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1,     SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include     i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL     cms and smime command line applications are similarly affected. (CVE-2023-0215)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

  - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a     buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings     which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not     a strict requirement, ASN.1 strings that are parsed using OpenSSL's own d2i functions (and other similar     parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will     additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for     applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array     by directly setting the data and length fields in the ASN1_STRING array. This can also happen by using     the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to     assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for     strings that have been directly constructed. Where an application requests an ASN.1 structure to be     printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the     application without NUL terminating the data field, then a read buffer overrun can occur. The same thing     can also occur during name constraints processing of certificates (for example if a certificate has been     directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the     certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the     X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an     application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL     functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack).
    It could also result in the disclosure of private memory contents (such as private keys, or sensitive     plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected     1.0.2-1.0.2y). (CVE-2021-3712)

  - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop     forever for non-prime moduli. Internally this function is used when parsing certificates that contain     elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point     encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has     invalid explicit curve parameters. Since certificate parsing happens prior to verification of the     certificate signature, any process that parses an externally supplied certificate may thus be subject to a     denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they     can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients     consuming server certificates - TLS servers consuming client certificates - Hosting providers taking     certificates or private keys from customers - Certificate authorities parsing certification requests from     subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that     use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS     issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate     which makes it slightly harder to trigger the infinite loop. However any operation which requires the     public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-     signed certificate to trigger the loop during verification of the certificate signature. This issue     affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the     15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected     1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). (CVE-2022-0778)

  - The X.509 GeneralName type is a generic type for representing different types of names. One of those name     types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different     instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both     GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a     possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1)     Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in     an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp     authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an     attacker can control both items being compared then that attacker could trigger a crash. For example if     the attacker can trick a client or server into checking a malicious certificate against a malicious CRL     then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a     certificate. This checking happens prior to the signatures on the certificate and CRL being verified.
    OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements     automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an     unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of     EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will     accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue.
    Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected     1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). (CVE-2020-1971)

  - less through 653 allows OS command execution via a newline character in the name of a file, because     quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file     names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN     environment variable, but this is set by default in many common cases. (CVE-2024-32487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory.

  - coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type     request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload,     aka Content-Type confusion between the WAF and the backend application. This occurs when the web     application relies on only the last Content-Type header. Other platforms may reject the additional     Content-Type header or merge conflicting headers, leading to detection as a malformed header.
    (CVE-2023-38199)

  - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request     Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of     RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied     request-target (URL) data and is then re-inserted into the proxied request-target using variable     substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*)     http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request     splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended     URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version     2.4.56 of Apache HTTP Server. (CVE-2023-25690)

  - The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json     definition for a given module. This vulnerability affects all users using the experimental policy     mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was     issued, the policy is an experimental feature of Node.js. (CVE-2023-32002)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A vulnerability exists in the OpenSSL that affects the RTU500 Series product versions listed below.

RTU500 series CMU Firmware versions 12.0.1 – 12.0.15 12.2.1 – 12.2.12 12.4.1 – 12.4.12 12.6.1 – 12.6.9 12.7.1 – 12.7.6 13.2.1 – 13.2.6 13.3.1 – 13.3.3 13.4.2

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
176682	RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.3 (RHSA-2023:3420)	Nessus	Red Hat Local Security Checks	6/5/2023	11/7/2024	critical
176797	EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2023-2127)	Nessus	Huawei Local Security Checks	6/7/2023	6/7/2023	high
177961	EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2299)	Nessus	Huawei Local Security Checks	7/4/2023	7/4/2023	high
168829	OpenSSL 3.0.0 < 3.0.8 Multiple Vulnerabilities	Nessus	Web Servers	12/15/2022	10/23/2024	high
203962	Photon OS 3.0: Openssl PHSA-2023-3.0-0538	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	high
176031	EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1982)	Nessus	Huawei Local Security Checks	5/18/2023	5/18/2023	high
195555	RHEL 7 : openssl (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	5/11/2024	5/31/2024	critical
177030	EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2023-2162)	Nessus	Huawei Local Security Checks	6/9/2023	6/9/2023	critical
206674	Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6.6)	Nessus	Misc.	9/5/2024	10/31/2024	critical
191429	Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities	Nessus	Windows	2/29/2024	10/7/2024	critical
501743	ABB RTU500 Series OpenSSL Bleichenbacher Style Attack (CVE-2022-4304)	Tenable OT Security	Tenable.ot	9/29/2023	9/4/2024	medium
501840	Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)	Tenable OT Security	Tenable.ot	12/19/2023	9/4/2024	medium

Detections

Analytics

Plugins Search

critical

high

high

high

high

high

critical

critical

critical

critical

medium

medium