The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5459 advisory.

– CVE-2020-14384 jbossweb: Incomplete fix of for WebSocket in JBossWeb could lead to DoS (CVE-2020-13935)

– jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS (CVE-2020-14384)

– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

– log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)

– log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More