93 matches found

Prion
added 2018/06/07 2:29 a.m. | 12 views

Design/Logic Flaw

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

5 CVSS | 7.3 AI score | 0.01215 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2018/06/07 2:29 a.m. | 17 views

Race condition

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

5 CVSS | 7.3 AI score | 0.01947 EPSS
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2018/06/07 2:29 a.m. | 22 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 7.1 AI score | 0.01584 EPSS
Exploits 0 | References 2

CVE
added 2018/06/07 2:0 a.m. | 91 views

CVE-2017-16119

CVE-2017-16119 (fresh): The fresh module used by Express.js is vulnerable to a regular expression DoS (ReDoS) when parsing crafted input, which can block the event loop and cause a denial of service. Affected component: fresh (Node.js module). Root cause: ReDoS in input parsing. Impact: potentia...

7.5 CVSS | 7.2 AI score | 0.01584 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/06/07 2:0 a.m. | 29 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.4 AI score | 0.01215 EPSS
Exploits 0 | References 1

CVE
added 2018/06/07 2:0 a.m. | 65 views

CVE-2017-16118

The CVE-2017-16118 entry concerns the forwarded module used by Express.js to parse the X-Forwarded-For header. A crafted input can trigger a regular expression denial of service (ReDoS), blocking the event loop and causing a denial of service. Connected sources corroborate a ReDoS issue in the fo...

7.5 CVSS | 7.2 AI score | 0.01947 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2018/06/07 2:0 a.m. | 83 views

CVE-2017-16136

CVE-2017-16136 affects the Node.js module method-override used with the Express.js framework. The issue is a regular expression denial of service (ReDoS) triggered when untrusted input is parsed via the X-HTTP-Method-Override header. In the provided documents, exploitation details are not describ...

7.5 CVSS | 7.3 AI score | 0.01215 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/06/07 2:0 a.m. | 26 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.3 AI score | 0.01584 EPSS
Exploits 0 | References 1

Cvelist
added 2018/06/07 2:0 a.m. | 15 views

CVE-2017-16118

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.3 AI score | 0.01947 EPSS
Exploits 0 | References 2

Prion
added 2018/06/05 3:29 p.m. | 11 views

Hardcoded credentials

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

7.5 CVSS | 7.2 AI score | 0.01134 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2018/06/05 3:0 p.m. | 42 views

CVE-2018-10813

Dedos-web 1.0 has hardcoded session cookies/secrets in the Express.js app, exposed in GitHub source. An attacker can modify session cookie contents and re-sign them with the hardcoded secret via Passport.js, enabling privilege escalation. Public references (CNVD/NVD) confirm hardcoded credentials...

7.5 CVSS | 7.2 AI score | 0.01134 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2018/06/05 3:0 p.m. | 21 views

CVE-2018-10813

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...

7.2 AI score | 0.01134 EPSS
Exploits 1 | References 2

Kitploit
added 2018/05/02 12:38 p.m. | 55 views

Yamot - Yet Another MOnitoring Tool

yamot is a web-based server-monitoring tool built for small environments with just a handful of servers. It takes a minimum of resources which allows the execution on almost every machine, also very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...

7.2 AI score
Exploits 0 | References 1