Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.30 views

RHEL 7 : rh-nodejs8-nodejs (RHSA-2018:2949)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2949 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

8.8CVSS6.9AI score0.09916EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 7 : http-parser (ELSA-2019-2258)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2258 advisory. - Related: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values rhel-7 - Resolves:...

7.5CVSS7.3AI score0.10207EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.44 views

K27228191: Node.js vulnerability CVE-2018-7159

Security Advisory Description The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the...

5.3CVSS7.6AI score0.03621EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.34 views

Mageia: Security Advisory (MGASA-2019-0277)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.9AI score0.41288EPSS
Exploits0References23
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2018:0952-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.03621EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2018:1183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.09916EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/15 12:0 a.m.37 views

Virtuozzo 7 : http-parser / http-parser-devel (VZLSA-2019-2258)

An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS7.4AI score0.10207EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/06/16 12:0 a.m.38 views

Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1652)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.39 views

Amazon Linux AMI : http-parser (ALAS-2020-1359)

The version of http-parser installed on the remote host is prior to 2.9.3-1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1359 advisory. A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to...

9.8CVSS7.4AI score0.57132EPSS
Exploits0References7
Amazon
Amazon
added 2020/04/23 12:0 a.m.149 views

Important: http-parser

Issue Overview: A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.j...

9.8CVSS8AI score0.57132EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.47 views

EulerOS Virtualization 3.0.2.2 : http-parser (EulerOS-SA-2020-1486)

According to the versions of the http-parser package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By usin...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2019-2238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : http-parser Multiple Vulnerabilities (NS-SA-2019-0257)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has http-parser packages installed that are affected by multiple vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to b...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.57 views

EulerOS 2.0 SP3 : http-parser (EulerOS-SA-2019-2238)

According to the versions of the http-parser package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 t...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/10/25 12:0 a.m.33 views

Amazon Linux 2 : http-parser (ALAS-2019-1322)

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
Amazon
Amazon
added 2019/10/21 12:0 a.m.57 views

Medium: http-parser

Issue Overview: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to...

7.5CVSS8AI score0.10207EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/10/20 6:35 a.m.29 views

CVE-2018-7159

It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior...

5.3CVSS1.2AI score0.03621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/10/15 12:0 a.m.29 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : http-parser Multiple Vulnerabilities (NS-SA-2019-0208)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has http-parser packages installed that are affected by multiple vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to b...

7.5CVSS7.1AI score0.10207EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/09/19 12:0 a.m.47 views

CentOS Update for http-parser CESA-2019:2258 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.10207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/09/19 12:0 a.m.41 views

CentOS 7 : http-parser (CESA-2019:2258)

An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

7.5CVSS7.5AI score0.10207EPSS
Exploits0References3
Rows per page
Query Builder