CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:7441 advisory.
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0.
Security Fix(es):
* software.amazon.ion/ion-java: ion-java: Ion Java StackOverflow vulnerability (CVE-2024-21634)
* undertow: Improper State Management in Proxy Protocol parsing causes information leakage (CVE-2024-7885)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
File data redhat-RHSA-2024-7441.nasl
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7885
www.nessus.org/u?7ad796bc
www.nessus.org/u?919aa761
access.redhat.com/errata/RHSA-2024:7441
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2304311
bugzilla.redhat.com/show_bug.cgi?id=2305290
issues.redhat.com/browse/JBEAP-27711
issues.redhat.com/browse/JBEAP-27754