The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the –max-http-header- size=size and/or the maxHeaderSize options. (CVE-2021-32640) Note that Nessus relies on the presence of the package as reported by the vendor. File data…Read More
Linux Distros Unpatched Vulnerability : CVE-2021-32640
