ID F5_BIGIP_SOL63025104.NASL Type nessus Reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-12-31T00:00:00
Description
The Node.js inspector, in 6.x and later is vulnerable to a DNS
rebinding attack which could be exploited to perform remote code
execution. An attack is possible from malicious websites open in a web
browser on the same computer, or another computer with network access
to the computer running the Node.js process. A malicious website could
use a DNS rebinding attack to trick the web browser to bypass
same-origin-policy checks and to allow HTTP connections to localhost
or to hosts on the local network. If a Node.js process with the debug
port active is running on localhost or on a host on the local network,
the malicious website could connect to it as a debugger, and get full
code execution access. (CVE-2018-7160)
Impact
An attacker using a malicious website may be able to remotely perform
arbitrary code execution.
BIG-IP
This vulnerability is exposed when you license and provision iRulesLX
and invoke Node.js using an iRule, or when you install iAppsLX and use the
BIG-IP Configuration utility (GUI).
F5 SSL Orchestrator
This vulnerability is exposed when using the Configuration utility
(GUI) for F5 SSL Orchestrator.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K63025104.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
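# Plugin registration. When the engine evaluates the script with `description`
# set, only this block runs: it declares the plugin's identity, report text,
# scoring and prerequisites, then exits before any check logic is reached.
if (description)
{
  script_id(132574);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2018-7160");

  script_name(english:"F5 Networks BIG-IP : NodeJS vulnerability (K63025104)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );

  # Report text shown to the analyst. The advisory wording had lost the spaces
  # between several words ("usinga", "isexposed", "youlicenseand", ...); they
  # are restored here so the exposure conditions are readable in scan output.
  # The string's continuation lines stay at column 0 so no indentation leaks
  # into the report.
  script_set_attribute(
    attribute:"description",
    value:
"The Node.js inspector, in 6.x and later is vulnerable to a DNS
rebinding attack which could be exploited to perform remote code
execution. An attack is possible from malicious websites open in a web
browser on the same computer, or another computer with network access
to the computer running the Node.js process. A malicious website could
use a DNS rebinding attack to trick the web browser to bypass
same-origin-policy checks and to allow HTTP connections to localhost
or to hosts on the local network. If a Node.js process with the debug
port active is running on localhost or on a host on the local network,
the malicious website could connect to it as a debugger, and get full
code execution access. (CVE-2018-7160)
Impact
An attacker using a malicious website may be able to remotely perform
arbitrary code execution.
BIG-IP
This vulnerability is exposed when you license and provision iRulesLX
and invoke Node.js using an iRule, or when you install iAppsLX and use the
BIG-IP Configuration utility (GUI).
F5 SSL Orchestrator
This vulnerability is exposed when using the Configuration utility
(GUI) for F5 SSL Orchestrator."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K63025104"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K63025104."
  );

  # Scoring. These vectors describe a network attack that needs user
  # interaction (UI:R) and has high impact on confidentiality, integrity and
  # availability.
  # NOTE(review): F5's own K63025104 advisory rates the BIG-IP exposure lower
  # (Medium, CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L). Keep that in mind
  # when prioritising a finding from this plugin.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # "local": the verdict is derived from data already collected on the device
  # (see the required KB keys below), not from probing a service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  # Prerequisites: the BIG-IP detection plugin is declared as a dependency,
  # and these knowledge-base keys are declared as required. The check body
  # reads the same four keys.
  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}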
include("f5_func.inc");
# Preconditions. Each audit() call reports why the check cannot give a verdict
# on this host: local checks disabled, no BIG-IP version recorded, or the
# hotfix / module inventory missing from the knowledge base.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

version = get_kb_item("Host/BIG-IP/version");
if (!version)
  audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");

# isnull() rather than a truth test: only an absent hotfix key is treated as
# missing here.
if (isnull(get_kb_item("Host/BIG-IP/hotfix")))
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");

if (!get_kb_item("Host/BIG-IP/modules"))
  audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K63025104";

# Every module in this advisory shares the same version data, so the matrix is
# filled in a loop instead of being spelled out per module.
# "13.1.0-13.1.2" is presumably read as an inclusive range by the helper in
# f5_func.inc -- confirm there.
affected_builds = make_list("14.1.0","14.0.0","13.1.0-13.1.2");
fixed_builds = make_list("14.1.0.6","14.0.0.5","13.1.3");

vmatrix = make_array();
foreach bigip_mod (make_list("AFM", "AM", "APM", "ASM", "AVR", "GTM", "LC", "LTM", "PEM"))
{
  vmatrix[bigip_mod] = make_array();
  vmatrix[bigip_mod]["affected" ] = affected_builds;
  vmatrix[bigip_mod]["unaffected"] = fixed_builds;
}

# NOTE(review): only the per-module version matrix and the solution id are
# handed to bigip_is_affected(). The advisory text says the flaw is exposed
# when iRulesLX is licensed, provisioned and invoked from an iRule, or when
# iAppsLX is installed and the Configuration utility is used. Whether the
# helper looks at any of that cannot be seen from this file, so treat a
# finding as "vulnerable version present" and confirm feature use on the
# device before rating the exposure.
is_vulnerable = bigip_is_affected(vmatrix:vmatrix, sol:sol);

if (!is_vulnerable)
{
  # No finding: name the modules that were evaluated, or state that none of
  # the affected modules is running.
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested)
    audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else
    audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
else
{
  # Finding: attach the helper's report when verbosity allows it.
  if (report_verbosity > 0)
    security_warning(port:0, extra:bigip_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "F5_BIGIP_SOL63025104.NASL", "bulletinFamily": "scanner", "title": "F5 Networks BIG-IP : NodeJS vulnerability (K63025104)", "description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS\nrebinding attack which could be exploited to perform remote code\nexecution. An attack is possible from malicious websites open in a web\nbrowser on the same computer, or another computer with network access\nto the computer running the Node.js process. A malicious website could\nuse a DNS rebinding attack to trick the web browser to bypass\nsame-origin-policy checks and to allow HTTP connections to localhost\nor to hosts on the local network. If a Node.js process with the debug\nport active is running on localhost or on a host on the local network,\nthe malicious website could connect to it as a debugger, and get full\ncode execution access.(CVE-2018-7160)\n\nImpact\n\nAn attacker usinga malicious website may be able to remotely perform\narbitrary code execution.\n\nBIG-IP\n\nThis vulnerability isexposed when youlicenseand provisioniRulesLX\nandinvoke Node.jsusing an iRule, or when you install iAppsLXanduse the\nBIG-IP Configuration utility (GUI).\n\nF5 SSL Orchestrator\n\nThis vulnerability is exposed when using the Configuration utility\n(GUI) for F5 SSL Orchestrator.", "published": "2019-12-31T00:00:00", "modified": "2019-12-31T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/132574", "reporter": "This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://support.f5.com/csp/article/K63025104"], "cvelist": ["CVE-2018-7160"], "type": "nessus", "lastseen": "2020-03-17T23:20:48", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-7160"]}, {"type": "f5", "idList": ["F5:K63025104"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813471", "OPENVAS:1361412562310874337", "OPENVAS:1361412562310874326", "OPENVAS:1361412562310813480", "OPENVAS:1361412562310874324"]}, {"type": "fedora", "idList": ["FEDORA:336A5601C68D", "FEDORA:3ADCC618DE6A", "FEDORA:4F5D560BF24D", "FEDORA:9228F60BF265"]}, {"type": "freebsd", "idList": ["5A9BBB6E-32D3-11E8-A769-6DAABA161086"]}, {"type": "kaspersky", "idList": ["KLA11231"]}, {"type": "nessus", "idList": ["NODEJS_2018_MAR.NASL", "SUSE_SU-2018-1183-1.NASL", "FREEBSD_PKG_5A9BBB6E32D311E8A7696DAABA161086.NASL", "OPENSUSE-2018-444.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:2949"]}], "modified": "2020-03-17T23:20:48", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2020-03-17T23:20:48", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K63025104.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132574);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2018-7160\");\n\n script_name(english:\"F5 Networks BIG-IP : NodeJS vulnerability (K63025104)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Node.js inspector, in 6.x and later is 
vulnerable to a DNS\nrebinding attack which could be exploited to perform remote code\nexecution. An attack is possible from malicious websites open in a web\nbrowser on the same computer, or another computer with network access\nto the computer running the Node.js process. A malicious website could\nuse a DNS rebinding attack to trick the web browser to bypass\nsame-origin-policy checks and to allow HTTP connections to localhost\nor to hosts on the local network. If a Node.js process with the debug\nport active is running on localhost or on a host on the local network,\nthe malicious website could connect to it as a debugger, and get full\ncode execution access.(CVE-2018-7160)\n\nImpact\n\nAn attacker usinga malicious website may be able to remotely perform\narbitrary code execution.\n\nBIG-IP\n\nThis vulnerability isexposed when youlicenseand provisioniRulesLX\nandinvoke Node.jsusing an iRule, or when you install iAppsLXanduse the\nBIG-IP Configuration utility (GUI).\n\nF5 SSL Orchestrator\n\nThis vulnerability is exposed when using the Configuration utility\n(GUI) for F5 SSL Orchestrator.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K63025104\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K63025104.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K63025104\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = 
make_list(\"14.1.0\",\"14.0.0\",\"13.1.0-13.1.2\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "naslFamily": "F5 Networks Local Security Checks", "pluginID": "132574", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_access_policy_manager"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:25:46", "description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-05-17T14:29:00", "title": "CVE-2018-7160", "type": "cve", "cwe": ["CWE-290"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-7160"], "modified": "2020-02-13T16:51:00", "cpe": ["cpe:/a:nodejs:node.js:6.8.1"], "id": "CVE-2018-7160", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7160", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nodejs:node.js:6.8.1:*:*:*:-:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:54", "bulletinFamily": "software", "cvelist": ["CVE-2018-7160"], "description": "\nF5 Product Development has assigned ID 754103 (BIG-IP) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) | 15.x | None | Not applicable | Medium | [5.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L>) | iAppsLX (Configuration utility) \niRulesLX \n14.x | 14.1.0 \n14.0.0 | 14.1.0.6 \n14.0.0.5 \n13.x | 13.1.0 - 13.1.2 | 13.1.3 \n12.x | None | Not applicable \n11.x | None | Not applicable \nF5 SSL Orchestrator | 15.x | None | Not applicable | Medium | [5.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L>) | iAppsLX (Configuration utility) \n14.x | 14.1.0 \n14.0.0 | 14.1.0.6 \n14.0.0.5 \n13.x | 13.1.0 - 13.1.2 | 13.1.3 \n12.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 7.x | None | Not applicable | Not vulnerable | None | None 
\n6.x | None | Not applicable \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-11-26T00:59:00", "published": "2019-11-26T00:59:00", "id": "F5:K63025104", "href": "https://support.f5.com/csp/article/K63025104", "title": "NodeJS vulnerability CVE-2018-7160", "type": "f5", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:13:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160"], "description": "The host is installed with Node.js and is\n prone to a DNS rebinding vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2018-07-10T00:00:00", "id": "OPENVAS:1361412562310813480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813480", "type": "openvas", "title": "Node.js DNS rebinding vulnerability (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Node.js DNS rebinding vulnerability (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nodejs:node.js\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813480\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-10 11:51:55 +0530 (Tue, 10 Jul 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Node.js DNS rebinding vulnerability (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Node.js and is\n prone to a DNS rebinding vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to inclusion of an\n errored service called 'inspector' or 'debugger'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute remote code on affected system.\");\n\n script_tag(name:\"affected\", value:\"Node.js versions 6.x prior to 6.14.0, 8.x\n prior to 8.11.0 and 9.x prior to 9.10.0\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Node.js version 6.14.0 or 8.11.0\n or 9.10.0 or later. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_nodejs_detect_macosx.nasl\");\n script_mandatory_keys(\"Nodejs/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) ) exit( 0 );\nnodejsVer = infos['version'];\nappPath = infos['location'];\n\nif(nodejsVer =~ \"^6\\.\" && version_is_less(version:nodejsVer, test_version:\"6.14.0\")){\n fix = \"6.14.0\";\n}\n\nelse if(nodejsVer =~ \"^8\\.\" && version_is_less(version:nodejsVer, test_version:\"8.11.0\")){\n fix = \"8.11.0\";\n}\n\nelse if(nodejsVer =~ \"^9\\.\" && version_is_less(version:nodejsVer, test_version:\"9.10.0\")){\n fix = \"9.10.0\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:nodejsVer, fixed_version:fix, install_path:appPath);\n security_message(port:appPort, data:report);\n exit(0);\n}\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-17T14:13:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160"], "description": "The host is installed with Node.js and is\n prone to a DNS rebinding vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2018-07-09T00:00:00", "id": "OPENVAS:1361412562310813471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813471", "type": "openvas", "title": "Node.js DNS rebinding vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Node.js DNS rebinding 
vulnerability (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nodejs:node.js\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813471\");\n script_version(\"2019-07-05T10:16:38+0000\");\n script_cve_id(\"CVE-2018-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 10:16:38 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-09 17:20:49 +0530 (Mon, 09 Jul 2018)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Node.js DNS rebinding vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Node.js and is\n prone to a DNS rebinding vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to inclusion of an\n errored service called 'inspector' or 'debugger'.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow 
remote\n attackers to execute remote code on affected system.\");\n\n script_tag(name:\"affected\", value:\"Node.js versions 6.x prior to 6.14.0, 8.x\n prior to 8.11.0 and 9.x prior to 9.10.0\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Node.js version 6.14.0 or 8.11.0\n or 9.10.0 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/\");\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_nodejs_detect_win.nasl\");\n script_mandatory_keys(\"Nodejs/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( appPort = get_app_port( cpe:CPE ) ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe:CPE, port:appPort, exit_no_version:TRUE ) ) exit( 0 );\nnodejsVer = infos['version'];\nappPath = infos['location'];\n\nif(nodejsVer =~ \"^6\\.\" && version_is_less(version:nodejsVer, test_version:\"6.14.0\")){\n fix = \"6.14.0\";\n}\n\nelse if(nodejsVer =~ \"^8\\.\" && version_is_less(version:nodejsVer, test_version:\"8.11.0\")){\n fix = \"8.11.0\";\n}\n\nelse if(nodejsVer =~ \"^9\\.\" && version_is_less(version:nodejsVer, test_version:\"9.10.0\")){\n fix = \"9.10.0\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:nodejsVer, fixed_version:fix, install_path:appPath);\n security_message(port:appPort, data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-04T00:00:00", "id": "OPENVAS:1361412562310874326", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310874326", "type": "openvas", "title": "Fedora Update for libuv FEDORA-2018-ecf73042e3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ecf73042e3_libuv_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libuv FEDORA-2018-ecf73042e3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874326\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 08:41:45 +0200 (Wed, 04 Apr 2018)\");\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libuv FEDORA-2018-ecf73042e3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an 
update for the 'libuv'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libuv on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ecf73042e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TWFY7XD2HLMCDHQ6FGGU6GCPH5RNNFIQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libuv\", rpm:\"libuv~1.19.2~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-04T00:00:00", "id": "OPENVAS:1361412562310874324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874324", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2018-ecf73042e3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_ecf73042e3_nodejs_fc27.nasl 
14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for nodejs FEDORA-2018-ecf73042e3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874324\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-04 08:41:34 +0200 (Wed, 04 Apr 2018)\");\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nodejs FEDORA-2018-ecf73042e3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nodejs on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-ecf73042e3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNDB7OOHGGSPMIELVOUE5AYAJ3PO5DAI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~8.11.0~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-07T00:00:00", "id": "OPENVAS:1361412562310874337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874337", "type": "openvas", "title": "Fedora Update for nodejs FEDORA-2018-e672eaf4df", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e672eaf4df_nodejs_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for nodejs FEDORA-2018-e672eaf4df\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874337\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-07 06:24:33 +0200 (Sat, 07 Apr 2018)\");\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for nodejs FEDORA-2018-e672eaf4df\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"nodejs on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e672eaf4df\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWNIJUQHBGKOST6ZUOIDBC7PMTYP2POX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs\", rpm:\"nodejs~6.14.0~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:57", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "description": "\nNode.js reports:\n\nNode.js Inspector DNS rebinding vulnerability (CVE-2018-7160)\nNode.js 6.x and later include a debugger protocol (also known as \"inspector\") that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.\n'path' module regular expression denial of service (CVE-2018-7158)\nThe 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x.\nSpaces in HTTP Content-Length header values are ignored (CVE-2018-7159)\nThe HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. 
The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been brought into line on this particular difference.\n\n", "edition": 5, "modified": "2018-03-28T00:00:00", "published": "2018-03-21T00:00:00", "id": "5A9BBB6E-32D3-11E8-A769-6DAABA161086", "href": "https://vuxml.freebsd.org/freebsd/5a9bbb6e-32d3-11e8-a769-6daaba161086.html", "title": "node.js -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:49:10", "bulletinFamily": "info", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "description": "### *Detect date*:\n03/27/2018\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Node.js. Malicious users can exploit these vulnerabilities to cause denial of service.\n\n### *Affected products*:\nNode.js earlier than 9.10.0 \nNode.js earlier than 8.11.0 \nNode.js earlier than 6.14.0 \nNode.js earlier than 4.9.0\n\n### *Solution*:\nUpdate to the latest version \n[Download Node.js](<https://nodejs.org/en/download/>)\n\n### *Original advisories*:\n[March 2018 Security Releases](<https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Node.js](<https://threats.kaspersky.com/en/product/Node.js/>)\n\n### *CVE-IDS*:\n[CVE-2018-7159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7159>) \n[CVE-2018-7160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160>) \n[CVE-2018-7158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7158>)", "edition": 22, "modified": "2018-11-15T00:00:00", "published": "2018-03-27T00:00:00", "id": "KLA11231", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11231", "title": "KLA11231 Multiple vulnerabilities in Node.js", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": 
[{"lastseen": "2020-09-14T18:43:16", "description": "This update for nodejs6 fixes the following issues :\n\n - Fix some node-gyp permissions\n\n - New upstream LTS release 6.14.1 :\n\n - Security fixes :\n\n + CVE-2018-7160: Fix for inspector DNS rebinding\n vulnerability (bsc#1087463)\n\n + CVE-2018-7158: Fix for 'path' module regular expression\n denial of service (bsc#1087459)\n\n + CVE-2018-7159: Reject spaces in HTTP Content-Length\n header values (bsc#1087453)\n\n - New upstream LTS release 6.13.1 :\n\n - http,tls: better support for IPv6 addresses\n\n - console: added console.count() and console.clear()\n\n - crypto :\n\n + expose ECDH class\n\n + added crypto.randomFill() and crypto.randomFillSync()\n\n + warn on invalid authentication tag length\n\n - deps: upgrade libuv to 1.16.1\n\n - dgram: added socket.setMulticastInterface()\n\n - http: add agent.keepSocketAlive and agent.reuseSocket as to allow\noverridable keep-alive behavior of Agent\n\n - lib: return this from net.Socket.end()\n\n - module: add builtinModules api that provides list of all\n builtin modules in Node\n\n - net: return this from getConnections()\n\n - promises: more robust stringification for unhandled\n rejections\n\n - repl: improve require() autocompletion\n\n - src :\n\n + add openssl-system-ca-path configure option\n\n + add --use-bundled-ca --use-openssl-ca check\n\n + add process.ppid\n\n - tls: accept lookup option for tls.connect()\n\n - tools,build: a new macOS installer!\n\n - url: WHATWG URL api support\n\n - util: add %i and %f formatting specifiers\n\n - remove any old manpage files in %pre from before\n update-alternatives were used to manage symlinks to\n these manpages.\n\n - Add Recommends and BuildRequire on python2 for npm.\n node-gyp requires this old version of python for now.\n This is only needed for binary modules.\n\n - even on recent codestreams there is no binutils gold on\n s390 only on s390x\n\n - New upstream LTS release 6.12.3 :\n\n - v8: 
profiler-related fixes\n\n - mostly documentation and test related changes\n\n - Enable CI tests in %check target\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:nodejs6-devel", "p-cpe:/a:novell:suse_linux:nodejs6-debugsource", "p-cpe:/a:novell:suse_linux:nodejs6", "p-cpe:/a:novell:suse_linux:npm6", "p-cpe:/a:novell:suse_linux:nodejs6-debuginfo"], "id": "SUSE_SU-2018-1183-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120022", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120022);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/20\");\n\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n\n script_name(english:\"SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs6 fixes the following issues :\n\n - Fix some node-gyp permissions\n\n - 
New upstream LTS release 6.14.1 :\n\n - Security fixes :\n\n + CVE-2018-7160: Fix for inspector DNS rebinding\n vulnerability (bsc#1087463)\n\n + CVE-2018-7158: Fix for 'path' module regular expression\n denial of service (bsc#1087459)\n\n + CVE-2018-7159: Reject spaces in HTTP Content-Length\n header values (bsc#1087453)\n\n - New upstream LTS release 6.13.1 :\n\n - http,tls: better support for IPv6 addresses\n\n - console: added console.count() and console.clear()\n\n - crypto :\n\n + expose ECDH class\n\n + added cypto.randomFill() and crypto.randomFillSync()\n\n + warn on invalid authentication tag length\n\n - deps: upgrade libuv to 1.16.1\n\n - dgram: added socket.setMulticastInterface()\n\n - http: add agent.keepSocketAlive and agent.reuseSocket as to allow\noverridable keep-alive behavior of Agent\n\n - lib: return this from net.Socket.end()\n\n - module: add builtinModules api that provides list of all\n builtin modules in Node\n\n - net: return this from getConnections()\n\n - promises: more robust stringification for unhandled\n rejections\n\n - repl: improve require() autocompletion\n\n - src :\n\n + add openssl-system-ca-path configure option\n\n + add --use-bundled-ca --use-openssl-ca check\n\n + add process.ppid\n\n - tls: accept lookup option for tls.connect()\n\n - tools,build: a new macOS installer!\n\n - url: WHATWG URL api support\n\n - util: add %i and %f formatting specifiers\n\n - remove any old manpage files in %pre from before\n update-alternatives were used to manage symlinks to\n these manpages.\n\n - Add Recommends and BuildRequire on python2 for npm.\n node-gyp requires this old version of python for now.\n This is only needed for binary modules.\n\n - even on recent codestreams there is no binutils gold on\n s390 only on s390x\n\n - New upstream LTS release 6.12.3 :\n\n - v8: profiler-related fixes\n\n - mostly documentation and test related changes\n\n - Enable CI tests in %check target\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7158/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7159/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7160/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?674d3723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-825=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2018-825=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-825=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:nodejs6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:npm6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-6.14.1-11.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debuginfo-6.14.1-11.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-debugsource-6.14.1-11.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"nodejs6-devel-6.14.1-11.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"npm6-6.14.1-11.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs6\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-05T12:02:26", "description": "The version of Node.js installed on the remote host is 4.x prior to 4.9.0, 6.x prior to 6.14.0, 8.x prior to 8.11.0 or\n9.x prior to 9.10.0. 
It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 22, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-11-14T00:00:00", "title": "Node.js multiple vulnerabilities (March 2018 Security Releases).", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "modified": "2018-11-14T00:00:00", "cpe": ["cpe:/a:nodejs:node.js"], "id": "NODEJS_2018_MAR.NASL", "href": "https://www.tenable.com/plugins/nessus/118933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118933);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/04\");\n\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n\n script_name(english:\"Node.js multiple vulnerabilities (March 2018 Security Releases).\");\n script_summary(english:\"Checks the Node.js version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Node.js - JavaScript run-time environment is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Node.js installed on the remote host is 4.x prior to 4.9.0, 6.x prior to 6.14.0, 8.x prior to 8.11.0 or\n9.x prior to 9.10.0. 
It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d516633a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade Node.js to a recommended by vendor version or above.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nodejs:node.js\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"nodejs_win_installed.nbin\", \"macosx_nodejs_installed.nbin\");\n script_require_keys(\"installed_sw/Node.js\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nwin_local = FALSE;\nif (get_kb_item('SMB/Registry/Enumerated')) win_local = TRUE;\n\napp_info = vcf::get_app_info(app:'Node.js', win_local:win_local);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'min_version' : '4.0.0', 'fixed_version' : '4.9.0' },\n { 'min_version' : '6.0.0', 'fixed_version' : '6.14.0' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.11.0' },\n { 'min_version' : '9.0.0', 'fixed_version' : '9.10.0' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:39:36", "description": "Node.js reports : Node.js Inspector DNS rebinding vulnerability\n(CVE-2018-7160) Node.js 6.x and later include a debugger protocol\n(also known as 'inspector') that can be activated by the --inspect and\nrelated command line flags. This debugger service was vulnerable to a\nDNS rebinding attack which could be exploited to perform remote code\nexecution. 'path' module regular expression denial of service\n(CVE-2018-7158) The 'path' module in the Node.js 4.x release line\ncontains a potential regular expression denial of service (ReDoS)\nvector. The code in question was replaced in Node.js 6.x and later so\nthis vulnerability only impacts all versions of Node.js 4.x. Spaces in\nHTTP Content-Length header values are ignored (CVE-2018-7159) The HTTP\nparser in all current versions of Node.js ignores spaces in the\nContent-Length header, allowing input such as Content-Length: 1 2 to\nbe interpreted as having a value of 12. 
The HTTP specification does\nnot allow for spaces in the Content-Length value and the Node.js HTTP\nparser has been brought into line on this particular difference.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-03-30T00:00:00", "title": "FreeBSD : node.js -- multiple vulnerabilities (5a9bbb6e-32d3-11e8-a769-6daaba161086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:node8", "p-cpe:/a:freebsd:freebsd:node6", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:node", "p-cpe:/a:freebsd:freebsd:node4"], "id": "FREEBSD_PKG_5A9BBB6E32D311E8A7696DAABA161086.NASL", "href": "https://www.tenable.com/plugins/nessus/108738", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108738);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n\n script_name(english:\"FreeBSD : node.js -- multiple vulnerabilities (5a9bbb6e-32d3-11e8-a769-6daaba161086)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Node.js reports : Node.js Inspector DNS rebinding vulnerability\n(CVE-2018-7160) Node.js 6.x and later include a debugger protocol\n(also known as 'inspector') that can be activated by the --inspect and\nrelated command line flags. 
This debugger service was vulnerable to a\nDNS rebinding attack which could be exploited to perform remote code\nexecution. 'path' module regular expression denial of service\n(CVE-2018-7158) The 'path' module in the Node.js 4.x release line\ncontains a potential regular expression denial of service (ReDoS)\nvector. The code in question was replaced in Node.js 6.x and later so\nthis vulnerability only impacts all versions of Node.js 4.x. Spaces in\nHTTP Content-Length header values are ignored (CVE-2018-7159) The HTTP\nparser in all current versions of Node.js ignores spaces in the\nContent-Length header, allowing input such as Content-Length: 1 2 to\nbe interpreted as having a value of 12. The HTTP specification does\nnot allow for spaces in the Content-Length value and the Node.js HTTP\nparser has been brought into line on this particular difference.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\"\n );\n # https://vuxml.freebsd.org/freebsd/5a9bbb6e-32d3-11e8-a769-6daaba161086.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f65da06c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:node8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2018/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"node4<4.9.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node6<6.14.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node8<8.11.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"node<9.10.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T16:43:12", "description": "This update for nodejs6 fixes the following issues :\n\n - Fix some node-gyp permissions\n\n - New upstream LTS release 6.14.1 :\n\n - Security fixes :\n\n + CVE-2018-7160: Fix for inspector DNS rebinding\n vulnerability (bsc#1087463)\n\n + CVE-2018-7158: Fix for 'path' module regular expression\n denial of service (bsc#1087459)\n\n + CVE-2018-7159: Reject spaces in HTTP Content-Length\n header values (bsc#1087453)\n\n - New upstream LTS release 6.13.1 :\n\n - http,tls: better support for IPv6 
addresses\n\n - console: added console.count() and console.clear()\n\n - crypto :\n\n + expose ECDH class\n\n + added crypto.randomFill() and crypto.randomFillSync()\n\n + warn on invalid authentication tag length\n\n - deps: upgrade libuv to 1.16.1\n\n - dgram: added socket.setMulticastInterface()\n\n - http: add agent.keepSocketAlive and agent.reuseSocket as to\nallow overridable keep-alive behavior of Agent\n\n - lib: return this from net.Socket.end()\n\n - module: add builtinModules api that provides list of all\n builtin modules in Node\n\n - net: return this from getConnections()\n\n - promises: more robust stringification for unhandled\n rejections\n\n - repl: improve require() autocompletion\n\n - src :\n\n + add openssl-system-ca-path configure option\n\n + add --use-bundled-ca --use-openssl-ca check\n\n + add process.ppid\n\n - tls: accept lookup option for tls.connect()\n\n - tools,build: a new macOS installer!\n\n - url: WHATWG URL api support\n\n - util: add %i and %f formatting specifiers\n\n - remove any old manpage files in %pre from before\n update-alternatives were used to manage symlinks to\n these manpages.\n\n - Add Recommends and BuildRequire on python2 for npm.\n node-gyp requires this old version of python for now.\n This is only needed for binary modules.\n\n - even on recent codestreams there is no binutils gold on\n s390 only on s390x\n\n - New upstream LTS release 6.12.3 :\n\n - v8: profiler-related fixes\n\n - mostly documentation and test related changes\n\n - Enable CI tests in %check target\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-05-11T00:00:00", "title": "openSUSE Security Update : nodejs6 (openSUSE-2018-444)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-7160", "CVE-2018-7158", "CVE-2018-7159"], "modified": "2018-05-11T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:nodejs6-debugsource", "p-cpe:/a:novell:opensuse:nodejs6-devel", "p-cpe:/a:novell:opensuse:nodejs6-debuginfo", "p-cpe:/a:novell:opensuse:nodejs6", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:npm6"], "id": "OPENSUSE-2018-444.NASL", "href": "https://www.tenable.com/plugins/nessus/109717", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-444.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109717);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2018-7158\", \"CVE-2018-7159\", \"CVE-2018-7160\");\n\n script_name(english:\"openSUSE Security Update : nodejs6 (openSUSE-2018-444)\");\n script_summary(english:\"Check for the openSUSE-2018-444 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for nodejs6 fixes the following issues :\n\n - Fix some node-gyp permissions\n\n - New upstream LTS release 6.14.1 :\n\n - Security fixes :\n\n + CVE-2018-7160: Fix for inspector DNS rebinding\n vulnerability (bsc#1087463)\n\n + CVE-2018-7158: Fix for 'path' module regular expression\n denial of service (bsc#1087459)\n\n + CVE-2018-7159: Reject spaces in HTTP Content-Length\n header values (bsc#1087453)\n\n - New upstream LTS release 6.13.1 :\n\n - http,tls: better support for IPv6 addresses\n\n - console: added console.count() and console.clear()\n\n - crypto :\n\n + expose ECDH class\n\n + added cypto.randomFill() and crypto.randomFillSync()\n\n + warn on invalid authentication tag length\n\n - deps: upgrade libuv to 1.16.1\n\n - dgram: added 
socket.setMulticastInterface()\n\n - http: add agent.keepSocketAlive and agent.reuseSocket as to\nallow overridable keep-alive behavior of Agent\n\n - lib: return this from net.Socket.end()\n\n - module: add builtinModules api that provides list of all\n builtin modules in Node\n\n - net: return this from getConnections()\n\n - promises: more robust stringification for unhandled\n rejections\n\n - repl: improve require() autocompletion\n\n - src :\n\n + add openssl-system-ca-path configure option\n\n + add --use-bundled-ca --use-openssl-ca check\n\n + add process.ppid\n\n - tls: accept lookup option for tls.connect()\n\n - tools,build: a new macOS installer!\n\n - url: WHATWG URL api support\n\n - util: add %i and %f formatting specifiers\n\n - remove any old manpage files in %pre from before\n update-alternatives were used to manage symlinks to\n these manpages.\n\n - Add Recommends and BuildRequire on python2 for npm.\n node-gyp requires this old version of python for now.\n This is only needed for binary modules.\n\n - even on recent codestreams there is no binutils gold on\n s390 only on s390x\n\n - New upstream LTS release 6.12.3 :\n\n - v8: profiler-related fixes\n\n - mostly documentation and test related changes\n\n - Enable CI tests in %check target\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1087463\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nodejs6 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nodejs6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:npm6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-6.14.1-9.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-debuginfo-6.14.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-debugsource-6.14.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"nodejs6-devel-6.14.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"npm6-6.14.1-9.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nodejs6 / nodejs6-debuginfo / nodejs6-debugsource / nodejs6-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160"], "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "modified": "2018-04-03T14:52:54", "published": "2018-04-03T14:52:54", "id": "FEDORA:9228F60BF265", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: nodejs-8.11.0-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160"], "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. 
", "modified": "2018-04-09T13:28:52", "published": "2018-04-09T13:28:52", "id": "FEDORA:336A5601C68D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: nodejs-8.11.0-1.fc28", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160"], "description": "libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. ", "modified": "2018-04-03T14:52:54", "published": "2018-04-03T14:52:54", "id": "FEDORA:4F5D560BF24D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libuv-1.19.2-1.fc27", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-7158", "CVE-2018-7159", "CVE-2018-7160"], "description": "Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. ", "modified": "2018-04-06T14:38:24", "published": "2018-04-06T14:38:24", "id": "FEDORA:3ADCC618DE6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: nodejs-6.14.0-1.fc26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-12-11T13:31:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12115", "CVE-2018-7159", "CVE-2018-7160", "CVE-2018-7161", "CVE-2018-7167"], "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.11.4). 
(BZ#1621761)\n\nSecurity Fix(es):\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-11-08T19:23:54", "published": "2018-10-18T13:47:33", "id": "RHSA-2018:2949", "href": "https://access.redhat.com/errata/RHSA-2018:2949", "type": "redhat", "title": "(RHSA-2018:2949) Important: rh-nodejs8-nodejs security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}