February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Cisco Firepower Threat Defense And Management Center (FMC) Software Vulnerabilities
November 18, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
November 18, 2022Rewterz Threat Advisory – Cisco Firepower Threat Defense And Management Center (FMC) Software Vulnerabilities
November 18, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
November 18, 2022
Severity
Medium
Analysis Summary
CVE-2022-20826
Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Impact
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-20826
Affected Vendors
Cisco
Affected Products
- Cisco Secure Firewall 3100 Series
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.