K15311661: NodeJS vulnerability CVE-2016-2086

Security Advisory Description Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 Impact An attacker may be able to perform HTTP reques...

SUSE CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in IBM Rational Application Developer (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Summary Security vulnerabilities have been discovered in the IBM SDK for Node.js used by the Cordova platform packaged in IBM Rational Application Developer. Vulnerability Details CVEID: CVE-2016-2086 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the improper handling of...

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)

Summary This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

About the security content of Xcode 8.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Apple Xcode < 8.1 Node.js Multiple RCE (macOS)

The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a...

About the security content of Xcode 8.1

About the security content of Xcode 8.1 This document describes the security content of Xcode 8.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

F5 Networks BIG-IP : NodeJS vulnerability (K15311661)

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 C Tenable Network Security, Inc. The descriptive text and package checks in this...

CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

UBUNTU-CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

CVE-2016-2086

CVE-2016-2086 affects Node.js HTTP request parsing via Content-Length mishandling, enabling remote HTTP request smuggling. Public docs identify Node.js versions affected (0.10.x up to 0.10.42, 0.12.x up to 0.12.10, 4.x up to 4.3.0, 5.x up to 5.6.0) and describe impact as potential for cache poiso...

Fedora 23 : nodejs-0.10.42-4.fc23 (2016-3102c11757)

Security fix for CVE-2016-2216, CVE-2016-2086 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 22 : nodejs-0.10.42-4.fc22 (2016-8925b6119f)

Security fix for CVE-2016-2216, CVE-2016-2086 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE Security Update : nodejs (openSUSE-2016-283)

This update for nodejs fixes the following issues : - CVE-2016-2216: Response splitting vulnerability using Unicode characters boo966076 - CVE-2016-2086: Request smuggling vulnerability boo966077 Node.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements...

Fedora Update for nodejs FEDORA-2016-3102

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

February 2016 Security Release Summary

February 2016 Security Release Summary Two weeks ago we announced the planned release of updates to all active release lines, v0.10, v0.12, v4 and v5, to fix HTTP related vulnerabilities and to upgrade the bundled versions of OpenSSL. Upon release of the OpenSSL updates we posted an impact...