[datagov-brokerpak-solr] ALB does not drop invalid headers #4103

Closed
2 tasks
nickumia-reisys opened this issue Dec 7, 2022 · 1 comment
Assignees
Labels
bug Software defect or bug compliance Relating to security compliance or documentation

Comments

@nickumia-reisys
Contributor

nickumia-reisys commented Dec 7, 2022

Date of report: 12/06/2022
Severity: Low

Due date is based on severity and described in RA-5: 15 days for Critical, 30 days for High, and 90 days for Moderate and lower.

  • ALB does not drop invalid headers (Low)
    • Detailed paths
    • This issue is...
      • The application load balancer is not set to drop invalid headers.
    • The impact of this is...
      • Maliciously crafted headers may be accepted by the load balancer
    • You can resolve it by...
      • Set drop_invalid_header_fields to true
  • ALB does not drop invalid headers (Low)
    • Detailed paths
    • This issue is...
      • The application load balancer is not set to drop invalid headers.
    • The impact of this is...
      • Maliciously crafted headers may be accepted by the load balancer
    • You can resolve it by...
      • Set drop_invalid_header_fields to true
@nickumia-reisys nickumia-reisys added compliance Relating to security compliance or documentation bug Software defect or bug labels Dec 7, 2022
@nickumia-reisys
Contributor Author

@nickumia-reisys nickumia-reisys self-assigned this Oct 9, 2023
@nickumia-reisys nickumia-reisys moved this from ✔ Done to 🗄 Closed in data.gov team board Oct 9, 2023