Cb Response: Two security issues were identified in nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage: CVE-2018-16843 and CVE-2018-16844

Article ID: 288220

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • A security scanner run against the Cb Response server reports a possible vulnerability.

Environment

  • Cb Response Server: 6.0.2 and Higher

Cause

  • This is related to two known vulnerabilities:
  • CVE-2018-16843
  • CVE-2018-16844

Resolution

  1. This result is a false positive; Cb Response is not vulnerable to these two CVEs.
  2. For Cb Response to be vulnerable, its NGINX configuration would need a listen directive that enables HTTP/2, for example:
```
listen 443 ssl http2 default_server;
```
  3. You can validate the configuration by running the following; none of the active listen directives in the output carry the http2 parameter:
```
# grep -ir listen /etc/|grep nginx

/etc/cb/nginx/conf.d/cb.conf: # IMPORTANT: If listener configuration is updated here, make sure to
/etc/cb/nginx/conf.d/cb.conf: listen [::]:443 ssl ipv6only=off;
/etc/cb/nginx/conf.d/http.conf: # IMPORTANT: If listener configuration is updated here, make sure to
/etc/cb/nginx/conf.d/http.conf: listen [::]:80 ipv6only=off;
/etc/cb/nginx/conf.d/cb.multihome.conf.example:# 3. Update interface IP addresses in "listen..." statements below to match
/etc/cb/nginx/conf.d/cb.multihome.conf.example: listen [::]:443 ssl ipv6only=off;
/etc/cb/nginx/conf.d/cb.multihome.conf.example: listen [::]:443 ssl ipv6only=off;
```
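As an added example (not part of this KB article), the manual grep check above is generalized into a small shell script: it lists every active listen directive under an nginx config directory and reports whether any of them enables HTTP/2, ignoring commented-out text and unloaded `.example` files. It assumes nginx loads only `*.conf` files from that directory, and the sample config files it writes are constructed to mirror the KB listing, not taken from a real server.

```shell
#!/bin/sh
# Added example (not from the KB article): list the active "listen" directives under
# an nginx config directory and flag any that enable HTTP/2, which is the condition
# the article says Cb Response would need for CVE-2018-16843/16844 to apply.
# Assumption: nginx loads only the *.conf files in the directory, so *.example files
# are skipped; text after "#" is a comment and is ignored.

# Print active listen directives as "<file>: <directive>", one per line.
nginx_listen_directives() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        # drop comments, keep only listen directives, trim surrounding whitespace
        sed -e 's/#.*$//' "$f" \
            | grep -E '^[[:space:]]*listen[[:space:]]' \
            | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            | while IFS= read -r line; do
                printf '%s: %s\n' "$f" "$line"
            done
    done
}

# Succeed (exit 0) if any active listen directive carries the http2 parameter.
nginx_http2_enabled() {
    nginx_listen_directives "$1" | grep -Eq '[[:space:]]http2([[:space:];]|$)'
}

# Write constructed sample config files, mirroring the KB listing, into "$1".
write_sample_config() {
    mkdir -p "$1/conf.d"
    printf '%s\n' 'server {' '    # IMPORTANT: listen 443 ssl http2 (comment only)' \
        '    listen [::]:443 ssl ipv6only=off;' '}' > "$1/conf.d/cb.conf"
    printf '%s\n' 'server {' '    listen [::]:80 ipv6only=off;' '}' > "$1/conf.d/http.conf"
    # an .example file is not loaded by nginx, so it must not produce a finding
    printf '%s\n' 'server {' '    listen 443 ssl http2 default_server;' '}' \
        > "$1/conf.d/cb.multihome.conf.example"
}

# Demo: build the sample tree, list its directives, print the verdict.
demo_dir=$(mktemp -d)
write_sample_config "$demo_dir"
nginx_listen_directives "$demo_dir"
if nginx_http2_enabled "$demo_dir"; then
    echo 'HTTP/2 is enabled on a listener: review exposure to the nginx HTTP/2 CVEs'
else
    echo 'HTTP/2 is not enabled: the scanner finding is a false positive'
fi
rm -rf "$demo_dir"
```

Point `nginx_http2_enabled` at `/etc/cb/nginx/conf.d` on a server to run the same check the grep performs, with comments and example files filtered out for you.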