Lucene search
GoogleOSV:CVE-2017-16005HistoryJun 04, 2018 - 7:29 p.m.
CVE-2017-16005
2018-06-0419:29:00
Google
osv.dev
2
0.001 Low
EPSS
Percentile
35.3%
Http-signature is a “Reference implementation of Joyent’s HTTP Signature Scheme”. In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Related
debiancve
debiancve
CVE-2017-16005
2018-06-04 19:29:00
osv
osv
Header Forgery in http-signature
2018-11-09 17:49:34
cvelist
cvelist
CVE-2017-16005
2018-04-26 00:00:00
cve
cve
CVE-2017-16005
2018-06-04 19:29:00
redhatcve
redhatcve
CVE-2017-16005
2019-10-12 03:49:27
nessus
nessus
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
2024-06-03 00:00:00
prion
prion
Design/Logic Flaw
2018-06-04 19:29:00
github
github
Header Forgery in http-signature
2018-11-09 17:49:34
nodejs
nodejs
Header Forgery
2017-03-08 21:41:03
nvd
nvd
CVE-2017-16005
2018-06-04 19:29:00