Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2016:2101
HistoryOct 27, 2016 - 4:28 p.m.

(RHSA-2016:2101) Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update

2016-10-2716:28:45
access.redhat.com
18

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON

Red Hat OpenShift Container Platform is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.

Security Fix(es):

  • A regular expression denial of service flaw was found in Tough-Cookie. An
    attacker able to make an application using Touch-Cookie to parse a
    sufficiently large HTTP request Cookie header could cause the application
    to consume an excessive amount of CPU. (CVE-2016-1000232)

  • It was found that the reason argument in ServerResponse#writeHead() was
    not properly validated. A remote attacker could possibly use this flaw to
    conduct an HTTP response splitting attack via a specially-crafted HTTP
    request. (CVE-2016-5325)

This advisory contains the RPM packages for this release. See the following
advisory for the container images fixes for this release:

https://access.redhat.com/errata/RHBA-2016:2100

Related

nessus 7
fedora 1
openvas 6
redhatcve 2
osv 2
nodejs 1
prion 2
ibm 8
veracode 2
github 1
cve 2
ubuntucve 1
debiancve 1
redhat 2
mageia 1
nodejsblog 2
gentoo 1
f5 1
suse 3
nessus
nessus
RHEL 7 : nodejs and nodejs-tough-cookie (RHSA-2016:2101)
2018-12-04 00:00:00
Fedora 23 : nodejs-tough-cookie (2016-286a8ec5b0)
2016-10-06 00:00:00
Fedora 24 : nodejs-tough-cookie (2016-c0fd203d6e)
2016-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: nodejs-tough-cookie-2.3.1-1.fc23
2016-10-01 04:23:52
openvas
openvas
Fedora Update for nodejs-tough-cookie FEDORA-2016-286a8ec5b0
2016-11-14 00:00:00
Mageia: Security Advisory (MGASA-2017-0204)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2470-2)
2021-06-09 00:00:00
redhatcve
redhatcve
CVE-2016-1000232
2019-11-07 04:12:52
CVE-2016-5325
2016-06-15 16:19:00
osv
osv
CVE-2016-1000232
2018-09-05 17:29:00
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
nodejs
nodejs
ReDoS via long string of semicolons
2016-07-22 19:43:01
prion
prion
Design/Logic Flaw
2018-09-05 17:29:00
Crlf injection
2016-10-10 16:59:00
ibm
ibm
Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)
2018-06-15 07:08:52
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)
2018-06-15 07:07:05
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™
2018-08-09 04:20:36
veracode
veracode
Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons
2019-01-15 09:13:59
HTTP Response Splitting
2018-09-24 05:08:11
github
github
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
cve
cve
CVE-2016-1000232
2018-09-05 17:29:00
CVE-2016-5325
2016-10-10 16:59:00
ubuntucve
ubuntucve
CVE-2016-5325
2016-10-10 00:00:00
debiancve
debiancve
CVE-2016-5325
2016-10-10 16:59:00
redhat
redhat
(RHSA-2017:2912) Moderate: rh-nodejs4-nodejs-tough-cookie security update
2017-10-18 16:29:05
(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
2017-01-02 15:33:44
mageia
mageia
Updated nodejs packages fix security vulnerability
2017-07-13 12:10:46
nodejsblog
nodejsblog
Security updates for all active release lines, June 2016
2016-06-13 00:00:00
Security updates for all active release lines, September 2016
2016-09-23 00:00:00
gentoo
gentoo
Node.js: Multiple vulnerabilities
2016-12-13 00:00:00
f5
f5
K24444803 : Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325
2018-10-17 00:00:00
suse
suse
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs (important)
2016-10-11 19:20:03

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.6%

JSON
Related for RHSA-2016:2101
nessus7fedora1openvas6redhatcve2osv2nodejs1prion2ibm8veracode2github1cve2ubuntucve1debiancve1redhat2mageia1nodejsblog2gentoo1f51suse3