Oracle Linux: CVE-2021-33516: ELSA-2021-2363: gupnp security update (IMPORTANT) (Multiple Advisories)
Description
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and integrity.
Solution(s)
- oracle-linux-upgrade-gupnp
- oracle-linux-upgrade-gupnp-devel
- oracle-linux-upgrade-gupnp-docs
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center