The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4246 advisory.
– picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
– wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
– xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
– cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.