Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in IBM Rational Application Developer (CVE-2016-2086, CVE-2016-2216, CVE-2015-3197)

Summary Security vulnerabilities have been discovered in the IBM SDK for Node.js used by the Cordova platform packaged in IBM Rational Application Developer. Vulnerability Details CVEID: CVE-2016-2086 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the improper handling of...

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)

Summary This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

F5 Networks BIG-IP : Node.js vulnerability (K23134279)

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

About the security content of Xcode 8.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Apple Xcode < 8.1 Node.js Multiple RCE (macOS)

The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 8.1. It is, therefore, affected by multiple remote code execution vulnerabilities in the Node.js component of the Xcode Server. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a...

About the security content of Xcode 8.1

About the security content of Xcode 8.1 This document describes the security content of Xcode 8.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

DEBIAN-CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

UBUNTU-CVE-2016-2216

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as...

CVE-2016-2216

CVE-2016-2216 affects Node.js HTTP header parsing in several branches (0.10.x, 0.11.x, 0.12.x, 4.x, 5.x). Root cause: header parsing inadequately validates UTF-8/Unicode characters, enabling HTTP response-splitting protection bypass. Demonstrated by crafted encoded input like %c4%8d%c4%8a. Impact...

Fedora 22 : nodejs-0.10.42-4.fc22 (2016-8925b6119f)

Security fix for CVE-2016-2216, CVE-2016-2086 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 23 : nodejs-0.10.42-4.fc23 (2016-3102c11757)

Security fix for CVE-2016-2216, CVE-2016-2086 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE Security Update : nodejs (openSUSE-2016-283)

This update for nodejs fixes the following issues : - CVE-2016-2216: Response splitting vulnerability using Unicode characters boo966076 - CVE-2016-2086: Request smuggling vulnerability boo966077 Node.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements...

Fedora Update for nodejs FEDORA-2016-3102

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

February 2016 Security Release Summary

February 2016 Security Release Summary Two weeks ago we announced the planned release of updates to all active release lines, v0.10, v0.12, v4 and v5, to fix HTTP related vulnerabilities and to upgrade the bundled versions of OpenSSL. Upon release of the OpenSSL updates we posted an impact...