Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1359.NASL
HistoryApr 24, 2020 - 12:00 a.m.

Amazon Linux AMI : http-parser (ALAS-2020-1359)

2020-04-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.5%

JSON

A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections. (CVE-2019-15605)

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. (CVE-2018-12121)

It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior. (CVE-2018-7159)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1359.
#

include('compat.inc');

if (description)
{
  script_id(135935);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/14");

  script_cve_id("CVE-2018-12121", "CVE-2018-7159", "CVE-2019-15605");
  script_xref(name:"ALAS", value:"2020-1359");

  script_name(english:"Amazon Linux AMI : http-parser (ALAS-2020-1359)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A flaw was found in the Node.js code where a specially crafted HTTP(s)
request sent to a Node.js server failed to properly process the
HTTP(s) headers, resulting in a request smuggling attack. An attacker
can use this flaw to alter a request sent as an authenticated user if
the Node.js server is deployed behind a proxy server that reuses
connections. (CVE-2019-15605)

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and
11.3.0: Denial of Service with large HTTP headers: By using a
combination of many requests with maximum sized headers (almost 80 KB
per connection), and carefully timed completion of the headers, it is
possible to cause the HTTP server to abort from heap allocation
failure. Attack potential is mitigated by the use of a load balancer
or other proxy layer. (CVE-2018-12121)

It was found that the http module from Node.js could accept incorrect
Content-Length values, containing spaces within the value, in HTTP
headers. A specially crafted client could use this flaw to possibly
confuse the script, causing unspecified behavior. (CVE-2018-7159)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1359.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update http-parser' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:http-parser-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"http-parser-2.9.3-1.2.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"http-parser-debuginfo-2.9.3-1.2.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"http-parser-devel-2.9.3-1.2.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "http-parser / http-parser-debuginfo / http-parser-devel");
}
VendorProductVersionCPE
amazonlinuxhttp-parserp-cpe:/a:amazon:linux:http-parser
amazonlinuxhttp-parser-debuginfop-cpe:/a:amazon:linux:http-parser-debuginfo
amazonlinuxhttp-parser-develp-cpe:/a:amazon:linux:http-parser-devel
amazonlinuxcpe:/o:amazon:linux

Related

amazon 3
openvas 32
nessus 54
oraclelinux 5
centos 2
redhat 7
cvelist 4
alpinelinux 4
osv 7
redhatcve 3
ubuntucve 4
cve 4
debiancve 4
prion 4
nvd 4
f5 2
hackerone 1
cbl_mariner 1
veracode 3
mageia 2
cloudfoundry 1
fedora 9
github 1
ibm 25
freebsd 2
altlinux 3
nodejsblog 2
photon 2
rocky 1
almalinux 1
suse 2
amazon
amazon
Important: http-parser
2020-04-20 19:21:00
Medium: http-parser
2019-10-21 18:01:00
Important: http-parser
2020-05-05 01:12:00
openvas
openvas
CentOS Update for http-parser CESA-2019:2258 centos7
2019-09-19 00:00:00
Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1652)
2020-06-16 00:00:00
Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1198)
2020-03-13 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : http-parser (EulerOS-SA-2019-2158)
2019-11-12 00:00:00
EulerOS Virtualization 3.0.2.2 : http-parser (EulerOS-SA-2020-1486)
2020-04-16 00:00:00
Oracle Linux 7 : http-parser (ELSA-2019-2258)
2023-09-07 00:00:00
oraclelinux
oraclelinux
http-parser security update
2019-08-13 00:00:00
http-parser security update
2020-03-06 00:00:00
http-parser security and bug fix update
2019-11-14 00:00:00
centos
centos
http security update
2019-09-18 20:20:44
http security update
2020-03-04 21:38:41
redhat
redhat
(RHSA-2019:2258) Moderate: http-parser security update
2019-08-06 08:17:52
(RHSA-2019:3497) Moderate: http-parser security and bug fix update
2019-11-05 17:52:33
(RHSA-2020:0707) Important: http-parser security update
2020-03-04 17:01:00
cvelist
cvelist
CVE-2018-7159
2018-03-21 00:00:00
CVE-2018-12121
2018-11-28 17:00:00
CVE-2019-15605
2020-02-07 14:55:22
alpinelinux
alpinelinux
CVE-2018-7159
2018-05-17 14:29:00
CVE-2018-12121
2018-11-28 17:29:00
CVE-2019-15605
2020-02-07 15:15:11
osv
osv
CVE-2018-7159
2018-05-17 14:29:00
CVE-2018-12121
2018-11-28 17:29:00
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
2023-05-18 17:29:43
redhatcve
redhatcve
CVE-2018-12121
2019-10-28 21:36:22
CVE-2018-7159
2019-10-20 06:35:28
CVE-2019-15605
2020-04-06 04:56:12
ubuntucve
ubuntucve
CVE-2018-12121
2018-11-28 00:00:00
CVE-2018-7159
2018-05-17 00:00:00
CVE-2019-15605
2020-02-07 00:00:00
cve
cve
CVE-2018-12121
2018-11-28 17:29:00
CVE-2018-7159
2018-05-17 14:29:00
CVE-2019-15605
2020-02-07 15:15:11
debiancve
debiancve
CVE-2018-12121
2018-11-28 17:29:00
CVE-2019-15605
2020-02-07 15:15:11
CVE-2018-7159
2018-05-17 14:29:00
prion
prion
Heap overflow
2018-11-28 17:29:00
Input validation
2018-05-17 14:29:00
Design/Logic Flaw
2020-02-07 15:15:00
nvd
nvd
CVE-2018-12121
2018-11-28 17:29:00
CVE-2018-7159
2018-05-17 14:29:00
CVE-2019-15605
2020-02-07 15:15:11
f5
f5
K27228191 : Node.js vulnerability CVE-2018-7159
2018-10-19 00:00:00
K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123
2023-10-02 00:00:00
hackerone
hackerone
Node.js: HTTP request smuggling using malformed Transfer-Encoding header
2019-11-12 01:11:47
cbl_mariner
cbl_mariner
CVE-2018-12121 affecting package nodejs 8.11.4-7
2021-08-11 06:39:34
veracode
veracode
Denial Of Service (DoS)
2018-11-30 05:36:43
Incorrect HTTP Content Length Parsing
2018-05-09 08:17:32
HTTP Request Smuggling
2020-02-10 08:28:35
mageia
mageia
Updated http-parser packages fix security vulnerability
2020-03-09 01:37:31
Updated nodejs packages fix security vulnerabilities
2019-09-15 16:24:16
cloudfoundry
cloudfoundry
CVE-2019-15605: Node.js is vulnerable to request smuggling | Cloud Foundry
2020-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: libuv-1.34.2-1.fc30
2020-02-23 01:09:35
[SECURITY] Fedora 31 Update: nodejs-12.15.0-1.fc31
2020-02-09 01:33:56
[SECURITY] Fedora 31 Update: nghttp2-1.40.0-1.fc31
2020-02-09 01:33:56
github
github
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header
2023-05-18 17:29:43
ibm
ibm
Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in Node.js
2021-06-08 22:33:53
Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities.
2020-04-16 05:05:02
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2019-15605, CVE-2019-15606)
2020-09-27 17:54:07
freebsd
freebsd
node.js -- multiple vulnerabilities
2018-03-21 00:00:00
Node.js -- multiple vulnerabilities
2020-02-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 10.14.1-alt1
2018-11-30 00:00:00
Security fix for the ALT Linux 10 package node version 13.8.0-alt1
2020-02-11 00:00:00
Security fix for the ALT Linux 9 package node version 13.8.0-alt1
2020-02-11 00:00:00
nodejsblog
nodejsblog
February 2020 Security Releases
2020-02-06 00:00:00
March 2018 Security Releases
2018-03-21 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2020-0060
2020-02-23 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0060
2020-02-23 00:00:00
rocky
rocky
nodejs:12 security update
2020-02-25 13:06:23
almalinux
almalinux
Important: nodejs:12 security update
2020-02-25 13:06:23
suse
suse
Security update for nodejs8 (important)
2020-03-03 00:00:00
Security update for nodejs8 (important)
2019-01-28 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.5%

JSON
Related for ALA_ALAS-2020-1359.NASL
amazon3openvas32nessus54oraclelinux5centos2redhat7cvelist4alpinelinux4osv7redhatcve3ubuntucve4cve4debiancve4prion4nvd4f52hackerone1cbl_mariner1veracode3mageia2cloudfoundry1fedora9github1ibm25freebsd2altlinux3nodejsblog2photon2rocky1almalinux1suse2