Lucene search
Redhat.comRH:CVE-2017-16005HistoryOct 12, 2019 - 3:49 a.m.
CVE-2017-16005
2019-10-1203:49:27
redhat.com
access.redhat.com
7
0.001 Low
EPSS
Percentile
35.3%
Http-signature is a “Reference implementation of Joyent’s HTTP Signature Scheme”. In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Related
debiancve
debiancve
CVE-2017-16005
2018-06-04 19:29:00
osv
osv
Header Forgery in http-signature
2018-11-09 17:49:34
CVE-2017-16005
2018-06-04 19:29:00
cvelist
cvelist
CVE-2017-16005
2018-04-26 00:00:00
cve
cve
CVE-2017-16005
2018-06-04 19:29:00
nessus
nessus
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
2024-06-03 00:00:00
prion
prion
Design/Logic Flaw
2018-06-04 19:29:00
github
github
Header Forgery in http-signature
2018-11-09 17:49:34
nodejs
nodejs
Header Forgery
2017-03-08 21:41:03
nvd
nvd
CVE-2017-16005
2018-06-04 19:29:00