Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0086
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0086)
Zusammenfassung:	The remote host is missing an update for the 'nodejs-hawk' package(s) announced via the MGASA-2024-0086 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nodejs-hawk' package(s) announced via the MGASA-2024-0086 advisory. Vulnerability Insight: Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. (CVE-2022-29167) Affected Software/OS: 'nodejs-hawk' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-29167 https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq https://github.com/mozilla/hawk/pull/286
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.