6 matches found
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
The remote Red Hat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2017:2912 advisory. Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstre...
CVE-2016-1000232
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appears to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0...
CVE-2016-1000232
CVE-2016-1000232 affects the Node.js tough-cookie module: vulnerable in version 2.2.2 due to a Regular Expression Parsing DoS in HTTP Cookie header processing when parsing large headers. The issue could be triggered by a sufficiently large Cookie header. It has been fixed in 2.3.0; remediation is...
Security Bulletin: IBM API Connect is affected by Node.js tough-cookie module vulnerability to a denial of service (CVE-2016-1000232)
Summary: API Connect has addressed the following vulnerability. Node.js tough-cookie module is vulnerable to a denial of service, caused by a regular expression error. By using a sufficiently large HTTP request Cookie header, a remote attacker could exploit this vulnerability to cause the...
Moderate: Red Hat Security Advisory: rh-nodejs4-nodejs-tough-cookie security update
An update for rh-nodejs4-nodejs-tough-cookie is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Fedora 23 : nodejs-tough-cookie (2016-286a8ec5b0)
Security fix for Denial of service via long string of semicolons. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...