RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7 (Moderate) (RHSA-2020:4246)
Discription

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4246 advisory.

– picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)

– wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)

– xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)

– cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More

Back to Main

Subscribe for the latest news: