CVE-2004-0230 - during PCI scanning of AWS EKS with NLB


I have a cluster in EKS with an NLB (internet-facing) and then ingress-nginx. During a Qualys PCI scan I got a CVE-2004-0230 alert on ports 80 and 443 (Tested on port 80/443 with an injected SYN/RST offset by 16 bytes.) How can I fix it? I can't find where this problem can persist, on the load balancer or on the ingress side. Maybe anyone can help? Thanks in advance!

1 Answer

EKS and ELBs are both in-scope for AWS PCI assessments (https://aws.amazon.com/compliance/services-in-scope/PCI/), so they should be good with regards to meeting the requirements (assuming your solution was architected correctly with them ;) ).

It is possible that you are getting this from the ingress/container side. CVE-2004-0230 has been around since 2004 and vendors have all dealt with it in different ways, especially OS vendors. Some have stated it is not a concern and won't be touched (https://access.redhat.com/security/cve/cve-2004-0230) as there are other mitigating controls.

AWS
Answered 1 year ago
