pcs-0.10.18-2.el8_10.3.ML.1
Errata ID: AXSA:2024-9389:07
Release date:
2024/12/16 Monday - 17:22
Title:
pcs-0.10.18-2.el8_10.3.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
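The following items have been addressed.
[Security Fix]
- sinatra contains a vulnerability that allows a remote attacker
to carry out an open redirect attack through the processing of
an HTTP request that includes a crafted X-Forwarded-Host header.
(CVE-2024-21510)
Solution:
Update the packages.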
CVE:
CVE-2024-21510
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into this header. If used for caching purposes, such as with servers like Nginx, or as a reverse proxy, without handling the X-Forwarded-Host header, attackers can potentially exploit Cache Poisoning or Routing-based SSRF.
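The following Ruby sketch is an added example, not code from pcs, sinatra or this advisory. It shows the redirect behaviour described above next to a Rack-style filter that keeps X-Forwarded-Host only when it comes from a trusted proxy and names an allowed host. All names, addresses and hostnames in it (`ForwardedHostFilter`, `redirect_location`, `TRUSTED_PROXIES`, `ALLOWED_HOSTS`, `cluster.example.test`) are assumptions made for illustration.

```ruby
require "ipaddr"

# Assumed deployment values (constructed for this example).
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1/32"), IPAddr.new("10.0.0.0/8")].freeze
ALLOWED_HOSTS   = %w[cluster.example.test].freeze

# Simplified stand-in for a framework that builds an absolute redirect URL
# from the forwarded host when one is present (the behaviour the CVE describes).
def redirect_location(env, path)
  host = env["HTTP_X_FORWARDED_HOST"]&.split(",")&.last&.strip || env["HTTP_HOST"]
  "https://#{host}#{path}"
end

# Rack-style middleware: keep X-Forwarded-Host only when the direct peer is a
# trusted proxy AND every listed host is on the allowlist; otherwise drop it.
class ForwardedHostFilter
  def initialize(app, proxies: TRUSTED_PROXIES, hosts: ALLOWED_HOSTS)
    @app = app
    @proxies = proxies
    @hosts = hosts
  end

  def call(env)
    unless acceptable?(env["REMOTE_ADDR"], env["HTTP_X_FORWARDED_HOST"])
      env.delete("HTTP_X_FORWARDED_HOST")
    end
    @app.call(env)
  end

  private

  def acceptable?(remote_addr, xfh)
    peer = (IPAddr.new(remote_addr.to_s) rescue nil)
    return false unless peer && @proxies.any? { |net| net.include?(peer) }
    names = xfh.to_s.split(",").map { |h| h.strip.downcase.sub(/:\d+\z/, "") }
    !names.empty? && names.all? { |h| @hosts.include?(h) }
  end
end

# Hypothetical app that redirects to /login, and a helper that sends it a
# constructed request and returns the Location header it emits.
APP = ->(env) { [302, { "location" => redirect_location(env, "/login") }, []] }

def location_for(app, remote_addr, xfh)
  env = { "REMOTE_ADDR" => remote_addr, "HTTP_HOST" => "cluster.example.test" }
  env["HTTP_X_FORWARDED_HOST"] = xfh if xfh
  app.call(env)[1]["location"]
end
```

Wrapping the app as `ForwardedHostFilter.new(APP)` makes the redirect fall back to the `Host` value whenever the forwarded host is rejected.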
Additional information:
N/A
Download:
SRPMS
- pcs-0.10.18-2.el8_10.3.ML.1.src.rpm
MD5: 9f2aabe4301b4890300f954ed78aae51
SHA-256: c37ca680b09ef116f30cd993271818ccf75a2245f08e9515381b502ea9c708f9
Size: 5.17 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.3.ML.1.x86_64.rpm
MD5: 686553f38cb3c1fa760c4c66837278ca
SHA-256: 62ba1b44e329147b0edd5e801aee18535c7bbed18e747501c71ca6386d615ca9
Size: 4.11 MB
- pcs-snmp-0.10.18-2.el8_10.3.ML.1.x86_64.rpm
MD5: be3511dd463be5cb74037d333c732fbb
SHA-256: 50c9ad1634574c4c9c05f6e99a6030745bcd1d76ab9bdcbdf5b328be9889c6dd
Size: 81.13 kB