CVE-2004-0230 - during PCI scanning of AWS EKS with NLB

0

I have a cluster in EKS with an NLB (internet-facing) and then ingress-nginx. During a Qualys PCI scan I got a CVE-2004-0230 alert on ports 80 and 443 (Tested on port 80/443 with an injected SYN/RST offset by 16 bytes.) How can I fix it? I can't find where this problem can persist, on the load balancer or on the ingress side. Maybe anyone can help? Thanks in advance!

1 Answer
0

EKS and ELBs are both in-scope for AWS PCI assessments (https://aws.amazon.com/compliance/services-in-scope/PCI/), so they should be good with regards to meeting the requirements (assuming your solution was architected correctly with them ;) ).

It is possible that you are getting this from the ingress/container side. CVE-2004-0230 has been around since 2004 and vendors have all dealt with it in different ways, especially OS vendors. Some have stated it is not a concern and won't be touched (https://access.redhat.com/security/cve/cve-2004-0230) as there are other mitigating controls.

AWS
answered a year ago
