Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAdam BaldwinNODEJS:63
HistoryDec 23, 2015 - 10:04 p.m.

Denial of Service

2015-12-2322:04:46
Adam Baldwin
www.npmjs.com
14

EPSS

0.003

Percentile

70.5%

JSON

Overview

Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability.

The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers.

This causes an ‘illegal access’ exception to be raised, and instead of sending a HTTP 500 error back to the sender, hapi will continue to hold the socket open until timed out (default node timeout is 2 minutes).

Recommendation

Update to v11.1.3 or later

References

Special thanks to James Halliday for bringing this exception pattern to our attention via the ecstatic advisory which lead to identifying this.

Related

prion 1
cve 1
nvd 1
osv 1
github 1
cvelist 1
prion
prion
Design/Logic Flaw
2018-05-29 20:29:00
cve
cve
CVE-2015-9241
2018-05-29 20:29:00
nvd
nvd
CVE-2015-9241
2018-05-29 20:29:00
osv
osv
Denial of Service in hapi
2018-06-07 19:43:15
github
github
Denial of Service in hapi
2018-06-07 19:43:15
cvelist
cvelist
CVE-2015-9241
2018-05-29 20:00:00

EPSS

0.003

Percentile

70.5%

JSON
Related for NODEJS:63
prion1cve1nvd1osv1github1cvelist1