ID de Prueba:	1.3.6.1.4.1.25623.1.0.883196
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for http-parser (CESA-2020:0703)
Resumen:	The remote host is missing an update for the 'http-parser'; package(s) announced via the CESA-2020:0703 advisory.
Descripción:	Summary: The remote host is missing an update for the 'http-parser' package(s) announced via the CESA-2020:0703 advisory. Vulnerability Insight: The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es): * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'http-parser' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15605 https://nodejs.org/en/blog/release/v10.19.0/ https://nodejs.org/en/blog/release/v12.15.0/ https://nodejs.org/en/blog/release/v13.8.0/ https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ https://security.netapp.com/advisory/ntap-20200221-0004/ Debian Security Information: DSA-4669 (Google Search) https://www.debian.org/security/2020/dsa-4669 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ https://security.gentoo.org/glsa/202003-48 https://hackerone.com/reports/735748 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html RedHat Security Advisories: RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573 RedHat Security Advisories: RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579 RedHat Security Advisories: RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597 RedHat Security Advisories: RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598 RedHat Security Advisories: RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602 RedHat Security Advisories: RHSA-2020:0703 https://access.redhat.com/errata/RHSA-2020:0703 RedHat Security Advisories: RHSA-2020:0707 https://access.redhat.com/errata/RHSA-2020:0707 RedHat Security Advisories: RHSA-2020:0708 https://access.redhat.com/errata/RHSA-2020:0708 SuSE Security Announcement: openSUSE-SU-2020:0293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.