Oracle Linux: CVE-2022-32214: ELSA-2022-9947: GraalVM Security update (IMPORTANT) (Multiple Advisories)
Description
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.
Solution(s)
- oracle-linux-upgrade-graalvm22-ce-11
- oracle-linux-upgrade-graalvm22-ce-11-devel
- oracle-linux-upgrade-graalvm22-ce-11-espresso
- oracle-linux-upgrade-graalvm22-ce-11-espresso-llvm
- oracle-linux-upgrade-graalvm22-ce-11-fastr
- oracle-linux-upgrade-graalvm22-ce-11-javascript
- oracle-linux-upgrade-graalvm22-ce-11-jdk
- oracle-linux-upgrade-graalvm22-ce-11-libpolyglot
- oracle-linux-upgrade-graalvm22-ce-11-llvm
- oracle-linux-upgrade-graalvm22-ce-11-llvm-toolchain
- oracle-linux-upgrade-graalvm22-ce-11-native-image
- oracle-linux-upgrade-graalvm22-ce-11-native-image-llvm-backend
- oracle-linux-upgrade-graalvm22-ce-11-nodejs
- oracle-linux-upgrade-graalvm22-ce-11-nodejs-devel
- oracle-linux-upgrade-graalvm22-ce-11-polyglot
- oracle-linux-upgrade-graalvm22-ce-11-python
- oracle-linux-upgrade-graalvm22-ce-11-python-devel
- oracle-linux-upgrade-graalvm22-ce-11-ruby
- oracle-linux-upgrade-graalvm22-ce-11-ruby-devel
- oracle-linux-upgrade-graalvm22-ce-11-tools
- oracle-linux-upgrade-graalvm22-ce-11-wasm
- oracle-linux-upgrade-graalvm22-ce-17
- oracle-linux-upgrade-graalvm22-ce-17-devel
- oracle-linux-upgrade-graalvm22-ce-17-espresso
- oracle-linux-upgrade-graalvm22-ce-17-espresso-llvm
- oracle-linux-upgrade-graalvm22-ce-17-fastr
- oracle-linux-upgrade-graalvm22-ce-17-javascript
- oracle-linux-upgrade-graalvm22-ce-17-jdk
- oracle-linux-upgrade-graalvm22-ce-17-libpolyglot
- oracle-linux-upgrade-graalvm22-ce-17-llvm
- oracle-linux-upgrade-graalvm22-ce-17-llvm-toolchain
- oracle-linux-upgrade-graalvm22-ce-17-native-image
- oracle-linux-upgrade-graalvm22-ce-17-native-image-llvm-backend
- oracle-linux-upgrade-graalvm22-ce-17-nodejs
- oracle-linux-upgrade-graalvm22-ce-17-nodejs-devel
- oracle-linux-upgrade-graalvm22-ce-17-polyglot
- oracle-linux-upgrade-graalvm22-ce-17-python
- oracle-linux-upgrade-graalvm22-ce-17-python-devel
- oracle-linux-upgrade-graalvm22-ce-17-ruby
- oracle-linux-upgrade-graalvm22-ce-17-ruby-devel
- oracle-linux-upgrade-graalvm22-ce-17-tools
- oracle-linux-upgrade-graalvm22-ce-17-wasm
- oracle-linux-upgrade-nodejs
- oracle-linux-upgrade-nodejs-devel
- oracle-linux-upgrade-nodejs-docs
- oracle-linux-upgrade-nodejs-full-i18n
- oracle-linux-upgrade-nodejs-libs
- oracle-linux-upgrade-nodejs-nodemon
- oracle-linux-upgrade-nodejs-packaging
- oracle-linux-upgrade-npm
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center