CVE-2004-0230 - during PCI scanning of AWS EKS with NLB

0

I have a cluster in EKS with an NLB (internet-facing) and then ingress-nginx. During a Qualys PCI scan I got a CVE-2004-0230 alert on ports 80 and 443 (Tested on port 80/443 with an injected SYN/RST offset by 16 bytes.) How can I fix it? I can't find where this problem can persist, on the load balancer or on the ingress side. Maybe anyone can help? Thanks in advance!

1 Answer
0

EKS and ELBs are both in-scope for AWS PCI assessments (https://aws.amazon.com/compliance/services-in-scope/PCI/), so they should be good with regards to meeting the requirements (assuming your solution was architected correctly with them ;) ).

It is possible that you are getting this from the ingress/container side. CVE-2004-0230 has been around since 2004 and vendors have all dealt with it in different ways, especially OS vendors. Some have stated it is not a concern and won't be touched (https://access.redhat.com/security/cve/cve-2004-0230) as there are other mitigating controls.

AWS
answered a year ago
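
Added example, not part of the original answer and not AWS or Qualys code: a small model of how a TCP receiver treats an incoming RST under the original RFC 793 rule versus the RFC 5961 rule, applied to a RST offset by 16 bytes as in the scan note. It shows why stacks that handle CVE-2004-0230 differently respond differently to the same probe. The function names and sample values are constructed for illustration, and how the scanner interprets the response is not modeled.

```python
# Illustrative model only: constructed names and values, not vendor code.
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable: inside [rcv_nxt, rcv_nxt + rcv_wnd) mod 2**32.

    With a zero receive window only seq == rcv_nxt is acceptable (RFC 793).
    """
    if rcv_wnd == 0:
        return seq % MOD == rcv_nxt % MOD
    return ((seq - rcv_nxt) % MOD) < rcv_wnd


def rst_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window RST tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 rule: only an exact match on rcv_nxt resets the connection.

    An in-window RST that is not exact is answered with a challenge ACK,
    and the connection stays up.
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if seq % MOD == rcv_nxt % MOD:
        return "reset"
    return "challenge_ack"


def probe(handler, rcv_nxt, rcv_wnd, offset=16):
    """Receiver's decision for a RST sent at rcv_nxt + offset (16 as in the scan note)."""
    return handler((rcv_nxt + offset) % MOD, rcv_nxt, rcv_wnd)


if __name__ == "__main__":
    # Constructed sample state: next expected byte 1000, 65535-byte window.
    for name, handler in (("RFC 793", rst_rfc793), ("RFC 5961", rst_rfc5961)):
        print(f"{name:9s} offset-16 RST -> {probe(handler, 1000, 65535)}")
```
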
