The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6823 advisory.

– undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) (CVE-2022-1259)

– undertow: Large AJP request may cause DoS (CVE-2022-2053)

– snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More