Lucene search
K

50 matches found

F5 Networks
F5 Networks
added 2023/10/02 6:55 p.m.45 views

K000137090: Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123

Security Advisory Description CVE-2018-12121 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the...

7.5CVSS7.2AI score0.41288EPSS
Exploits0Affected Software14
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 7 : http-parser (ELSA-2019-2258)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2258 advisory. - Related: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values rhel-7 - Resolves:...

7.5CVSS7.3AI score0.10207EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/05 7:0 p.m.38 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud Transformation Advisor

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities. CVE-2018-12122, CVE-2018-12121, CVE-2018-12123 Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending...

7.5CVSS6.7AI score0.41288EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.34 views

Mageia: Security Advisory (MGASA-2019-0277)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.9AI score0.41288EPSS
Exploits0References23
CBLMariner
CBLMariner
added 2021/08/11 6:39 a.m.21 views

CVE-2018-12121 affecting package nodejs 8.11.4-7

CVE-2018-12121 affecting package nodejs 8.11.4-7. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.4AI score0.10207EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2019:0117-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.41288EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2019:0395-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.41288EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2019:0118-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.41288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/15 12:0 a.m.37 views

Virtuozzo 7 : http-parser / http-parser-devel (VZLSA-2019-2258)

An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS7.4AI score0.10207EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/06/16 12:0 a.m.38 views

Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1652)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.39 views

Amazon Linux AMI : http-parser (ALAS-2020-1359)

The version of http-parser installed on the remote host is prior to 2.9.3-1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1359 advisory. A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to...

9.8CVSS7.4AI score0.57132EPSS
Exploits0References7
Amazon
Amazon
added 2020/04/23 12:0 a.m.149 views

Important: http-parser

Issue Overview: A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.j...

9.8CVSS8AI score0.57132EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.48 views

EulerOS Virtualization 3.0.2.2 : http-parser (EulerOS-SA-2020-1486)

According to the versions of the http-parser package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By usin...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.26 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11

Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js version 8 for which multiple vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of...

7.5CVSS0.9AI score0.41288EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/03/23 12:0 a.m.59 views

GLSA-202003-48 : Node.js: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-48 Node.js: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly write arbitrary files,...

9.8CVSS6.8AI score0.57132EPSS
Exploits2References16
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2019-2238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.38 views

Photon OS 1.0: Nodejs PHSA-2019-1.0-0257

An update of the nodejs package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0257. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13252...

7.5CVSS7.7AI score0.41288EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : http-parser Multiple Vulnerabilities (NS-SA-2019-0257)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has http-parser packages installed that are affected by multiple vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to b...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.57 views

EulerOS 2.0 SP3 : http-parser (EulerOS-SA-2019-2238)

According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 t...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/11/06 12:0 a.m.38 views

RHEL 8 : http-parser (RHSA-2019:3497)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3497 advisory. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in...

7.5CVSS7.6AI score0.10207EPSS
Exploits0References7
Rows per page
Query Builder