Description
Golang Go is prone to an HTTP-request-smuggling vulnerability. A remote attacker may leverage this issue to poison web caches, bypass security defenses, launch cross-site scripting and HTML-injection attacks, and execute session-hijacking attacks. Other attacks are also possible. Versions prior to Golang Go 1.12.10 and 1.13.1 are vulnerable.
Technologies Affected
- IBM Cloud Private 3.2.0 CD
- IBM Cloud Private 3.2.0.1911
- IBM Cloud Private 3.2.1 CD
- IBM Cloud Private 3.2.1.1911
- NetApp Cloud Insights Telegraf Agent
- golang Go 1.1
- golang Go 1.10
- golang Go 1.10.1
- golang Go 1.10.2
- golang Go 1.10.3
- golang Go 1.10.4
- golang Go 1.10.5
- golang Go 1.10.6
- golang Go 1.10.7
- golang Go 1.10.8
- golang Go 1.11
- golang Go 1.11.1
- golang Go 1.11.2
- golang Go 1.11.3
- golang Go 1.11.4
- golang Go 1.11.5
- golang Go 1.12
- golang Go 1.12.1
- golang Go 1.12.5
- golang Go 1.13
- golang Go 1.2
- golang Go 1.3
- golang Go 1.3.1
- golang Go 1.3.2
- golang Go 1.4
- golang Go 1.4.2
- golang Go 1.5
- golang Go 1.5.1
- golang Go 1.5.2
- golang Go 1.5.3
- golang Go 1.5.4
- golang Go 1.5Rc1
- golang Go 1.6.1
- golang Go 1.6.2
- golang Go 1.6.3
- golang Go 1.6.4
- golang Go 1.7.1
- golang Go 1.7.2
- golang Go 1.7.3
- golang Go 1.7.4
- golang Go 1.7.5
- golang Go 1.7.6
- golang Go 1.8.0
- golang Go 1.8.1
- golang Go 1.8.2
- golang Go 1.8.3
- golang Go 1.8.4
- golang Go 1.9.0
- golang Go 1.9.1
Recommendations
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect potential attacks. Flag on anomalous HTTP requests and headers that might be used to leverage this style of attack. Audit logs regularly and adjust policies accordingly.
Updates are available. Please see the references or vendor advisory for more information.