Potential Denial of Service in Node.js. IBM DataPower Gateways has addressed the applicable CVE.
CVEID: CVE-2017-11499
DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw related to constant HashTable seeds. A remote attacker could exploit this vulnerability to flood the hash and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129465 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM DataPower Gateways appliances, versions 7.0.0.0-7.0.0.19, 7.1.0.0-7.1.0.18, 7.2.0.0-7.2.0.15
7.0.0.20, 7.1.0.19, 7.2.0.16
Fix is available in versions 7.0.0.20, 7.1.0.19, 7.2.0.16. Refer to APAR IT22120 for URLs to download the fix.
You should verify applying this fix does not cause any compatibility issues.
For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
CPE:

Name | Operator | Version |
---|---|---|
ibm datapower gateway | eq | 7.2 |
ibm datapower gateway | eq | 7.1 |
ibm datapower gateway | eq | 7.0.0 |
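
A firmware inventory can be checked against the affected and fixed levels listed in this bulletin with a short script. The following is an added example, not IBM code: the ranges and fix levels are copied from the bulletin, while the appliance names and the sample inventory are constructed. Versions are compared numerically, so 7.0.0.9 is correctly treated as older than 7.0.0.20.

```python
# Added example: classify DataPower firmware versions against this bulletin.
# Ranges and fix levels come from the bulletin text; the inventory below is
# constructed sample data with hypothetical appliance names.
import re

# Release stream (first three components) -> first fixed fourth component.
FIXED_LEVEL = {(7, 0, 0): 20, (7, 1, 0): 19, (7, 2, 0): 16}


def parse_version(text):
    """Parse 'a.b.c.d' into a 4-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a four-part firmware version: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Return 'affected', 'fixed', 'upgrade-recommended' or 'not-listed'."""
    v = parse_version(text)
    if v[0] <= 6:
        # Bulletin: 6.x and earlier should move to a fixed, supported release.
        return "upgrade-recommended"
    fix = FIXED_LEVEL.get(v[:3])
    if fix is None:
        return "not-listed"  # the bulletin says nothing about this stream
    return "affected" if v[3] < fix else "fixed"


def triage(inventory):
    """Return (name, version, status) rows, most urgent status first."""
    order = {"affected": 0, "upgrade-recommended": 1, "not-listed": 2, "fixed": 3}
    rows = [(name, ver, classify(ver)) for name, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hypothetical appliance names).
SAMPLE_INVENTORY = {
    "dp-edge-01": "7.2.0.15",
    "dp-edge-02": "7.2.0.16",
    "dp-core-01": "7.1.0.3",
    "dp-lab-01": "6.0.1.4",
    "dp-lab-02": "7.5.2.0",
}

if __name__ == "__main__":
    for name, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{name:12} {ver:10} {status}")
```

A `not-listed` result means only that this bulletin makes no statement about that release stream; it is not a confirmation that the release is unaffected.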