Test ID:	1.3.6.1.4.1.25623.1.0.883196
Category:	CentOS Local Security Checks
Title:	CentOS: Security Advisory for http-parser (CESA-2020:0703)
Summary:	The remote host is missing an update for the 'http-parser'; package(s) announced via the CESA-2020:0703 advisory.
Description:	Summary: The remote host is missing an update for the 'http-parser' package(s) announced via the CESA-2020:0703 advisory. Vulnerability Insight: The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. Security Fix(es): * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'http-parser' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15605 https://nodejs.org/en/blog/release/v10.19.0/ https://nodejs.org/en/blog/release/v12.15.0/ https://nodejs.org/en/blog/release/v13.8.0/ https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ https://security.netapp.com/advisory/ntap-20200221-0004/ Debian Security Information: DSA-4669 (Google Search) https://www.debian.org/security/2020/dsa-4669 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ https://security.gentoo.org/glsa/202003-48 https://hackerone.com/reports/735748 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2020.html RedHat Security Advisories: RHSA-2020:0573 https://access.redhat.com/errata/RHSA-2020:0573 RedHat Security Advisories: RHSA-2020:0579 https://access.redhat.com/errata/RHSA-2020:0579 RedHat Security Advisories: RHSA-2020:0597 https://access.redhat.com/errata/RHSA-2020:0597 RedHat Security Advisories: RHSA-2020:0598 https://access.redhat.com/errata/RHSA-2020:0598 RedHat Security Advisories: RHSA-2020:0602 https://access.redhat.com/errata/RHSA-2020:0602 RedHat Security Advisories: RHSA-2020:0703 https://access.redhat.com/errata/RHSA-2020:0703 RedHat Security Advisories: RHSA-2020:0707 https://access.redhat.com/errata/RHSA-2020:0707 RedHat Security Advisories: RHSA-2020:0708 https://access.redhat.com/errata/RHSA-2020:0708 SuSE Security Announcement: openSUSE-SU-2020:0293 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.