CVE-2021-23017 issue for services running behind Network load balancer

0

We have a couple of services running on EKS Fargate, accessible from the internet via network load balancers.

We have recently conducted external penetration testing as part of our compliance process. It identified that the network load balancer is using nginx v1.20, which is subject to a security issue, CVE-2021-23017: https://alas.aws.amazon.com/cve/html/CVE-2021-23017.html#score-breakdown. This issue has been fixed in v1.20.1.

Is there a patch that has been applied to the network load balancer to fix CVE-2021-23017, or any mitigation we can do to overcome this from the client (our) side?

Could anyone provide any pointers for me to gather more information in order to make an assessment of the severity level?

I searched the forum but only found a few posts about this issue with regard to Elastic Beanstalk, nothing about the network load balancer.

Thank you.

Edited by: yybc9a3 on Nov 26, 2021 3:27 AM

Edited by: yybc9a3 on Nov 26, 2021 3:31 AM

yybc9a3
asked 2 years ago · 304 views
1 answer
0

Turned out that it was a massive oversight... We did run a small nginx container after the network load balancer...
Problem solved.

Edited by: yybc9a3 on Nov 26, 2021 6:24 AM

yybc9a3
answered 2 years ago
