Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0592
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0592)
Zusammenfassung:	The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2021-0592 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2021-0592 advisory. Vulnerability Insight: HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). (CVE-2021-22959) HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. (CVE-2021-22960) Affected Software/OS: 'nodejs' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-22959 Debian Security Information: DSA-5170 (Google Search) https://www.debian.org/security/2022/dsa-5170 https://hackerone.com/reports/1238709 https://www.oracle.com/security-alerts/cpujan2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-22960 https://hackerone.com/reports/1238099
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.