遠端 Redhat Enterprise Linux 8 主機上安裝的套件受到 RHSA-2023: 1513 公告中提及的多個弱點影響。

  - SnakeYaml：建構函式反序列化遠端程式碼執行 (CVE-2022-1471)

  - snakeyaml：java.base/java.util.ArrayList.hashCode 中有未攔截的例外狀況 (CVE-2022-38752)

  - hsqldb：未受信任的輸入可能導致 RCE 攻擊 (CVE-2022-41853)

  - dev-java/snakeyaml：透過堆疊溢位引發的 DoS (CVE-2022-41854)

  - codec-haproxy：HAProxyMessageDecoder 堆疊耗盡引發的 DoS (CVE-2022-41881)

  - undertow：undertow 用戶端未檢查 https 連線中的伺服器身分 (CVE-2022-4492)

  - apache-james-mime4j：MIME4J TempFileStorageProvider 中的暫存檔案資訊洩漏弱點 (CVE-2022-45787)

  - RESTEasy：建立不安全的暫存檔 (CVE-2023-0482)

  - Undertow：關閉期間 SslConduit 中會發生無限迴圈 (CVE-2023-1108)

請注意，Nessus 並未測試這些問題，而是僅依據應用程式自我報告的版本號碼作出判斷。

偵測

RHEL 8：RHEL 8 上的 Red Hat JBoss Enterprise Application Platform 7.4.10 (RHSA-2023: 1513)

critical Nessus Plugin ID 173692

版本 1.3

版本 1.2

版本 1.1

版本 1.0

版本 1.3 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
版本 1.2 May 24, 2023, 8:43 PM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305242043
版本 1.1 Apr 19, 2023, 2:07 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202304191407
版本 1.0 Mar 30, 2023, 12:00 PM New Plugin Feed: 202303301200