Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2017:2912
HistoryOct 18, 2017 - 4:29 p.m.

(RHSA-2017:2912) Moderate: rh-nodejs4-nodejs-tough-cookie security update

2017-10-1816:29:05
access.redhat.com
68

0.011 Low

EPSS

Percentile

84.7%

JSON

Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar.

The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie (2.3.3). (BZ#1497695)

Security Fix(es):

  • Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2016-1000232, CVE-2017-15010)

Related

nessus 7
nodejs 2
osv 4
veracode 3
cve 3
fedora 2
openvas 2
redhatcve 2
cvelist 2
github 2
ubuntucve 1
redhat 4
ibm 2
prion 2
debiancve 1
nessus
nessus
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
2024-04-27 00:00:00
Fedora 23 : nodejs-tough-cookie (2016-286a8ec5b0)
2016-10-06 00:00:00
Fedora 24 : nodejs-tough-cookie (2016-c0fd203d6e)
2016-08-09 00:00:00
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 18:07:02
ReDoS via long string of semicolons
2016-07-22 19:43:01
osv
osv
CVE-2017-15010
2017-10-04 01:29:03
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39
veracode
veracode
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2017-09-06 06:29:35
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2019-01-15 09:19:22
Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons
2019-01-15 09:13:59
cve
cve
CVE-2017-15010
2017-10-04 01:29:00
CVE-2016-1000232
2018-09-05 17:29:00
CVE-2017-16112
2020-01-27 13:15:00
fedora
fedora
[SECURITY] Fedora 23 Update: nodejs-tough-cookie-2.3.1-1.fc23
2016-10-01 04:23:52
[SECURITY] Fedora 30 Update: nodejs-tough-cookie-2.3.4-1.fc30
2019-06-12 14:48:48
openvas
openvas
Fedora Update for nodejs-tough-cookie FEDORA-2016-286a8ec5b0
2016-11-14 00:00:00
Fedora Update for nodejs-tough-cookie FEDORA-2019-76f1b57c1c
2019-06-13 00:00:00
redhatcve
redhatcve
CVE-2017-15010
2017-10-03 15:49:16
CVE-2016-1000232
2019-11-07 04:12:52
cvelist
cvelist
CVE-2017-15010
2017-10-03 16:00:00
CVE-2016-1000232
2018-09-05 17:00:00
github
github
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39
ReDoS via long string of semicolons in tough-cookie
2018-10-10 18:57:02
ubuntucve
ubuntucve
CVE-2017-15010
2017-10-04 00:00:00
redhat
redhat
(RHSA-2017:2913) Moderate: rh-nodejs6-nodejs-tough-cookie security update
2017-10-18 16:29:25
(RHSA-2016:2101) Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update
2016-10-27 16:28:45
(RHSA-2018:1263) Moderate: Red Hat Mobile Application Platform 4.6.0 release - RPMs
2018-04-30 18:31:09
ibm
ibm
Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)
2018-06-15 07:08:52
Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities
2023-12-12 17:28:22
prion
prion
Design/Logic Flaw
2018-09-05 17:29:00
Design/Logic Flaw
2017-10-04 01:29:00
debiancve
debiancve
CVE-2017-15010
2017-10-04 01:29:00

0.011 Low

EPSS

Percentile

84.7%

JSON
Related for RHSA-2017:2912
nessus7nodejs2osv4veracode3cve3fedora2openvas2redhatcve2cvelist2github2ubuntucve1redhat4ibm2prion2debiancve1