Rapid7 Vulnerability & Exploit Database

Amazon Linux AMI: Security patch for golang, docker (ALAS-2015-588) (multiple CVEs)


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/26/2015
Created: 07/25/2018
Added: 08/26/2015
Modified: 03/21/2018

Description

As discussed upstream (here and here), the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers (for example, "Content Length:" with a space in the middle), and a request with two Content-Length headers does not generate a 400 error; the second Content-Length header is ignored.
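
A strict pre-parse check for the two conditions described above, as an added example (not code from the Go project or from this advisory). CheckHeaders and isToken are hypothetical helper names, the sample header blocks are constructed, and rejecting every repeated Content-Length header is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// isToken reports whether s is a valid header field name (RFC 7230 "token").
func isToken(s string) bool {
	for i := 0; i < len(s); i++ {
		c := s[i]
		alnum := c >= '0' && c <= '9' || c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z'
		if !alnum && !strings.ContainsRune("!#$%&'*+-.^_`|~", rune(c)) {
			return false
		}
	}
	return s != ""
}

// CheckHeaders (hypothetical helper) scans a raw header block and returns the
// reasons a strict parser should answer 400. An empty result means it passed.
// Assumption: any repeated Content-Length is rejected, even with equal values.
func CheckHeaders(raw string) []string {
	var reasons []string
	contentLengths := 0
	for _, line := range strings.Split(raw, "\r\n") {
		if line == "" {
			break // blank line ends the header block
		}
		i := strings.IndexByte(line, ':')
		if i < 0 || !isToken(line[:i]) {
			reasons = append(reasons, fmt.Sprintf("malformed header line %q", line))
			continue
		}
		if strings.EqualFold(line[:i], "Content-Length") {
			contentLengths++
		}
	}
	if contentLengths > 1 {
		reasons = append(reasons, "multiple Content-Length headers")
	}
	return reasons
}

func main() {
	// Constructed sample header blocks, not captured traffic.
	fmt.Println(CheckHeaders("Host: example.test\r\nContent-Length: 5\r\n\r\n"))
	fmt.Println(CheckHeaders("Host: example.test\r\nContent Length: 5\r\n\r\n"))
	fmt.Println(CheckHeaders("Content-Length: 5\r\nContent-Length: 11\r\n\r\n"))
}
```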

Solution(s)

  • amazon-linux-upgrade-docker
  • amazon-linux-upgrade-docker-devel
  • amazon-linux-upgrade-docker-pkg-devel
  • amazon-linux-upgrade-golang
  • amazon-linux-upgrade-golang-pkg-bin-linux-386
  • amazon-linux-upgrade-golang-pkg-bin-linux-amd64
  • amazon-linux-upgrade-golang-pkg-darwin-386
  • amazon-linux-upgrade-golang-pkg-darwin-amd64
  • amazon-linux-upgrade-golang-pkg-freebsd-386
  • amazon-linux-upgrade-golang-pkg-freebsd-amd64
  • amazon-linux-upgrade-golang-pkg-freebsd-arm
  • amazon-linux-upgrade-golang-pkg-linux-386
  • amazon-linux-upgrade-golang-pkg-linux-amd64
  • amazon-linux-upgrade-golang-pkg-linux-arm
  • amazon-linux-upgrade-golang-pkg-netbsd-386
  • amazon-linux-upgrade-golang-pkg-netbsd-amd64
  • amazon-linux-upgrade-golang-pkg-netbsd-arm
  • amazon-linux-upgrade-golang-pkg-openbsd-386
  • amazon-linux-upgrade-golang-pkg-openbsd-amd64
  • amazon-linux-upgrade-golang-pkg-plan9-386
  • amazon-linux-upgrade-golang-pkg-plan9-amd64
  • amazon-linux-upgrade-golang-pkg-windows-386
  • amazon-linux-upgrade-golang-pkg-windows-amd64
  • amazon-linux-upgrade-golang-src

