ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0592
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0592)
Resumen:	The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2021-0592 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2021-0592 advisory. Vulnerability Insight: HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS). (CVE-2021-22959) HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. (CVE-2021-22960) Affected Software/OS: 'nodejs' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-22959 Debian Security Information: DSA-5170 (Google Search) https://www.debian.org/security/2022/dsa-5170 https://hackerone.com/reports/1238709 https://www.oracle.com/security-alerts/cpujan2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-22960 https://hackerone.com/reports/1238099
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.