Lucene search

[email protected]NVD:CVE-2017-16013

HistoryJun 04, 2018 - 7:29 p.m.

CVE-2017-16013

2018-06-0419:29:00

CWE-20

CWE-400

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.0%

JSON

hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed accept-encoding header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.

Affected configurations

Nvd

Node

hapijshapiRange15.0.0–16.1.0node.js

VendorProductVersionCPE
hapijshapi*cpe:2.3:a:hapijs:hapi:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
hapijs	hapi	*	cpe:2.3:a:hapijs:hapi::::::node.js::*

References

github.com/hapijs/hapi/issues/3466

nodesecurity.io/advisories/335

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.0%

JSON

Related for NVD:CVE-2017-16013

prion1 nodejs1 osv2 veracode1 github1 cvelist1 cve1