CVE-2018-12122
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.1%
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| nodejs | node.js | * | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| suse | suse_enterprise_storage | 4 | cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:* |
| suse | suse_linux_enterprise_server | 12 | cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:* |
| suse | suse_linux_enterprise_server | 15 | cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:* |
| suse | suse_openstack_cloud | 7 | cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:* |
| suse | suse_openstack_cloud | 8 | cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
78.1%