• Englishๆ—ฅๆœฌ่ชžํ•œ๊ตญ์–ด
  • Log inStart now

Security Bulletin NR17-04

Summary

A security update for New Relic's .NET agent fixes a vulnerability where the agent could unintentionally capture service request parameters from WCF applications.

Release date: May 4, 2017

Vulnerability identifier: NR17-04

Priority: Medium

Affected software

The following New Relic agent versions are affected:

Name

Affected version

Notes

Remediated version

.NET agent

6.8.172.0 (and greater)

With WCF

6.11.613.0

Vulnerability information

New Relicโ€™s .NET Agent version 6.8.172.0 added visibility into Error Analytics. By default the agent will capture error events, and with WCF applications this is captured as event type TransactionError. New Relic has found that the service.request.* attributes may contain sensitive information that should not be sent to New Relic. A fix has been made to disable the collection of these parameters during the error collection. Customers are encouraged to upgrade to the latest version of the .NET agent.

Mitigating factors

  • Only .NET agents with Error Analytics and WCF applications are affected.
  • All service request attributes are disabled in High-security mode.

Workarounds

Users who are affected and unable to upgrade may choose to manually configure the .NET agent to not capture service request parameters. Users can exclude service.request.* attributes from the errorCollector stanza in their newrelic.config file.

<attributes enabled="true">
<exclude > service.request.*</exclude>
</attributes>

For details please refer to our .NET agent Error Collector configuration

Report security vulnerabilities to New Relic

New Relic is committed to the security of our customers and their data. If you believe you have found a security vulnerability in one of our products or websites, we welcome and greatly appreciate you reporting it to New Relic's coordinated disclosure program. For more information, see Reporting security vulnerabilities.

For more help

Additional documentation resources include:.

Copyright ยฉ 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.