93 matches found
Design/Logic Flaw
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...
Race condition
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16119
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16119
CVE-2017-16119 (fresh) : The fresh module used by Express.js is vulnerable to a regular expression DoS (ReDoS) when parsing crafted input, which can block the event loop and cause a denial of service. Affected component: fresh (Node.js module). Root cause: ReDoS in input parsing. Impact: potentia...
CVE-2017-16136
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...
CVE-2017-16118
The CVE-2017-16118 entry concerns the forwarded module used by Express.js to parse the X-Forwarded-For header. A crafted input can trigger a regular expression denial of service (ReDoS), blocking the event loop and causing a denial of service. Connected sources corroborate a ReDoS issue in the fo...
CVE-2017-16136
CVE-2017-16136 affects the Node.js module method-override used with the Express.js framework. The issue is a regular expression denial of service (ReDoS) triggered when untrusted input is parsed via the X-HTTP-Method-Override header. In the provided documents, exploitation details are not describ...
CVE-2017-16119
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
CVE-2017-16118
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...
Hardcoded credentials
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...
CVE-2018-10813
Dedos-web 1.0 has hardcoded session cookies/secrets in the Express.js app, exposed in GitHub source. An attacker can modify session cookie contents and re-sign them with the hardcoded secret via Passport.js, enabling privilege escalation. Public references (CNVD/NVD) confirm hardcoded credentials...
CVE-2018-10813
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this...
Yamot - Yet Another MOnitoring Tool
yamot is a web-based server-monitoring tool built for small environments with just a handful servers. It takes a minimum of resources which allows the execution on almost every machine, also very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...