[DW-VA1P4xT] Security scan vulnerability found

Description

VA1P4xT (VMAX A1 G3 FW: 1.0.1.64)


Customer is reporting:

A security scan says our DW-VA1P4xT is vulnerable to the below issue:

https://www.cvedetails.com/cve/CVE-2022-41556
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.

I have 1.0.1.64 installed.  Will there be an update to correct this problem?

This looks very similar (based on the description) to the problem we encountered a few months back.  Did you have a chance to investigate this?  The above issue may resolve it.

Please let me know what will be done.


Activity

Brandon Krebs updated the Resolution at 7 March 2025, 00:53
None → Done
Brandon Krebs changed the Status at 7 March 2025, 00:53
In Progress → Done
FOCUS_JH changed the Status at 4 March 2025, 06:39
To Do → In Progress
Brandon Krebs updated the Link at 6 February 2025, 18:48
None → This issue relates to VMAX-570
Brandon Krebs changed the Status at 21 November 2024, 22:39
In Progress → To Do
FOCUS_JH changed the Status at 25 October 2024, 04:55
To Do → In Progress
Unknown User created the Issue at 24 October 2024, 17:30