CVE-2004-0230 - during PCI scanning of AWS EKS with NLB

0

I have a cluster in EKS with an NLB (internet-facing) and then ingress-nginx. During a Qualys PCI scan I got a CVE-2004-0230 alert on ports 80 and 443 (Tested on port 80/443 with an injected SYN/RST offset by 16 bytes.) How can I fix it? I can't find where this problem can persist, on the load balancer or on the ingress side. Maybe anyone can help? Thanks in advance!

1 Answer
0

EKS and ELBs are both in-scope for AWS PCI assessments (https://aws.amazon.com/compliance/services-in-scope/PCI/), so they should be good with regards to meeting the requirements (assuming your solution was architected correctly with them ;) ).

It is possible that you are getting this from the ingress/container side. CVE-2004-0230 has been around since 2004 and vendors have all dealt with it in different ways, especially OS vendors. Some have stated it is not a concern and won't be touched (https://access.redhat.com/security/cve/cve-2004-0230) as there are other mitigating controls.

AWS
answered a year ago
