The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5460 advisory.
– CVE-2020-14384 jbossweb: Incomplete fix of for WebSocket in JBossWeb could lead to DoS (CVE-2020-13935)
– jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS (CVE-2020-14384)
– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
– log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
– log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
– log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More
References
Back to Main