Test ID:	1.3.6.1.4.1.25623.1.0.117166
Category:	Web application abuses
Title:	Elastic Kibana < 6.8.7, 7.x < 7.6.1 Multiple Vulnerabilities in Node.js (ESA-2020-01) - Windows
Summary:	Kibana is prone to multiple vulnerabilities in the; shipped 3rdparty Node.js component.
Description:	Summary: Kibana is prone to multiple vulnerabilities in the shipped 3rdparty Node.js component. Vulnerability Insight: The version of Node.js shipped in Kibana contain three security flaws: - CVE-2019-15604 describes a Denial of Service (DoS) flaw in the TLS handling code of Node.js. Successful exploitation of this flaw could result in Kibana crashing. - CVE-2019-15606 and CVE-2019-15605 describe flaws in how Node.js handles malformed HTTP headers. These malformed headers could result in a HTTP request smuggling attack when Kibana is running behind a proxy vulnerable to HTTP request smuggling attacks. This update upgrades Node.js to version 10.19.0, which is not vulnerable to these issues. Affected Software/OS: Kibana versions prior to 6.8.7 and 7.6.1. Solution: Update to version 6.8.7, 7.6.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15604 https://nodejs.org/en/blog/release/v10.19.0/ https://nodejs.org/en/blog/release/v12.15.0/ https://nodejs.org/en/blog/release/v13.8.0/ https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ https://security.netapp.com/advisory/ntap-20200221-0004/ Debian Security Information: DSA-4669 (Google Search) https://www.debian.org/security/2020/dsa-4669 https://security.gentoo.org/glsa/202003-48 https://hackerone.com/reports/746733 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html RedHat Security Advisories: RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573 RedHat Security Advisories: RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579 RedHat Security Advisories: RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597 RedHat Security Advisories: RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598 RedHat Security Advisories: RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602 SuSE Security Announcement: openSUSE-SU-2020:0293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2019-15605 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ https://hackerone.com/reports/735748 RedHat Security Advisories: RHSA-2020:0703 https://access.redhat.com/errata/RHSA-2020:0703 RedHat Security Advisories: RHSA-2020:0707 https://access.redhat.com/errata/RHSA-2020:0707 RedHat Security Advisories: RHSA-2020:0708 https://access.redhat.com/errata/RHSA-2020:0708 Common Vulnerability Exposure (CVE) ID: CVE-2019-15606 https://hackerone.com/reports/730779
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.