Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K24444803
HistoryOct 17, 2018 - 12:00 a.m.

K24444803 : Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325

2018-10-1700:00:00
my.f5.com
40

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

Security Advisory Description

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

openvas 9
mageia 1
ibm 8
debiancve 4
github 2
cve 4
nodejs 2
prion 4
ubuntucve 4
ubuntu 2
redhat 2
cvelist 4
osv 4
nessus 8
nvd 4
redhatcve 2
fedora 2
veracode 3
suse 3
nodejsblog 2
gentoo 1
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0204)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4777-1)
2023-01-27 00:00:00
Fedora Update for nodejs FEDORA-2016-43ff70c6b1
2016-12-07 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2017-07-13 12:10:46
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)
2018-06-15 07:07:05
Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8860
2018-08-09 04:20:36
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix
2018-08-09 04:20:36
debiancve
debiancve
CVE-2015-8856
2017-01-23 21:59:00
CVE-2015-8860
2017-01-23 21:59:00
CVE-2016-7099
2016-10-10 16:59:01
github
github
Cross-Site Scripting in serve-index
2017-10-24 18:33:36
Symlink Arbitrary File Overwrite in tar
2017-10-24 18:33:36
cve
cve
CVE-2015-8856
2017-01-23 21:59:00
CVE-2015-8860
2017-01-23 21:59:00
CVE-2016-5325
2016-10-10 16:59:00
nodejs
nodejs
Cross-Site Scripting
2015-10-17 19:41:46
Symlink Arbitrary File Overwrite
2015-11-03 07:15:12
prion
prion
Cross site scripting
2017-01-23 21:59:00
Code injection
2017-01-23 21:59:00
Design/Logic Flaw
2016-10-10 16:59:00
ubuntucve
ubuntucve
CVE-2015-8856
2017-01-23 00:00:00
CVE-2015-8860
2017-01-23 00:00:00
CVE-2016-5325
2016-10-10 00:00:00
ubuntu
ubuntu
node-tar vulnerability
2021-03-15 00:00:00
Node.js vulnerabilities
2021-03-15 00:00:00
redhat
redhat
(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
2017-01-02 15:33:44
(RHSA-2016:2101) Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update
2016-10-27 16:28:45
cvelist
cvelist
CVE-2015-8860
2017-01-23 21:00:00
CVE-2015-8856
2017-01-23 21:00:00
CVE-2016-7099
2016-10-10 16:00:00
osv
osv
node-tar vulnerability
2021-03-15 20:52:28
Symlink Arbitrary File Overwrite in tar
2017-10-24 18:33:36
Cross-Site Scripting in serve-index
2017-10-24 18:33:36
nessus
nessus
Ubuntu 16.04 ESM : node-tar vulnerability (USN-4777-1)
2023-10-20 00:00:00
Fedora 25 : 1:nodejs (2016-43ff70c6b1)
2016-11-15 00:00:00
Fedora 24 : 1:nodejs (2016-861b8c46b7)
2016-10-12 00:00:00
nvd
nvd
CVE-2015-8860
2017-01-23 21:59:00
CVE-2015-8856
2017-01-23 21:59:00
CVE-2016-7099
2016-10-10 16:59:01
redhatcve
redhatcve
CVE-2016-5325
2016-06-15 16:19:00
CVE-2016-7099
2016-09-28 06:47:27
fedora
fedora
[SECURITY] Fedora 25 Update: nodejs-6.7.0-107.fc25
2016-10-09 03:20:39
[SECURITY] Fedora 24 Update: nodejs-4.6.0-5.fc24
2016-10-10 21:53:24
veracode
veracode
Man-in-the-Middle (MitM)
2018-09-24 07:23:39
HTTP Response Splitting
2018-09-24 05:08:11
Cross-site Scripting (XSS)
2018-03-01 03:10:54
suse
suse
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs (important)
2016-10-11 19:20:03
nodejsblog
nodejsblog
Security updates for all active release lines, June 2016
2016-06-13 00:00:00
Security updates for all active release lines, September 2016
2016-09-23 00:00:00
gentoo
gentoo
Node.js: Multiple vulnerabilities
2016-12-13 00:00:00

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON
Related for F5:K24444803
openvas9mageia1ibm8debiancve4github2cve4nodejs2prion4ubuntucve4ubuntu2redhat2cvelist4osv4nessus8nvd4redhatcve2fedora2veracode3suse3nodejsblog2gentoo1