ID de Prueba:	1.3.6.1.4.1.25623.1.0.131240
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia Linux Local Check: mgasa-2016-0080
Resumen:	Mageia Linux Local Security Checks mgasa-2016-0080
Descripción:	Summary: Mageia Linux Local Security Checks mgasa-2016-0080 Vulnerability Insight: A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086). It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks by checking for CRLF characters, it is possible to compose response headers using Unicode characters that decompose to these characters, bypassing the checks previously in place (CVE-2016-2216). Solution: Update the affected packages to the latest available version. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2086 BugTraq ID: 83282 http://www.securityfocus.com/bid/83282 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html https://security.gentoo.org/glsa/201612-43 Common Vulnerability Exposure (CVE) ID: CVE-2016-2216 BugTraq ID: 83141 http://www.securityfocus.com/bid/83141 http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/ http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html
Copyright	Copyright (C) 2016 Eero Volotinen

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.