Oracle Linux: CVE-2019-15606: ELSA-2020-0598: nodejs:12 security update (IMPORTANT) (Multiple Advisories)
Description
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons A flaw was found in Node.js where the HTTP(s) header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTP(s) request which is validated by an upstream proxy server, but not by the Node.js HTTP(s) server.
Solution(s)
- oracle-linux-upgrade-nodejs
- oracle-linux-upgrade-nodejs-devel
- oracle-linux-upgrade-nodejs-docs
- oracle-linux-upgrade-nodejs-nodemon
- oracle-linux-upgrade-nodejs-packaging
- oracle-linux-upgrade-npm
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center