3 matches found
CVE-2017-16224
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...
CVE-2017-16224
The CVE-2017-16224 entry concerns the Node.js module st, which serves static files. A crafted request can trigger an HTTP 301 redirect to an entirely different domain. This requires st to be serving from the server root (/) rather than a subdirectory (e.g., /static/). The redirect URL ends with U...
CVE-2017-16224
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a...