Lucene search
K

4 matches found

Hacker One
Hacker One
added 2020/05/08 7:45 a.m.216 views

Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests

Summary: Node.js is vulnerable to HTTP denial of service DOS attacks based on delayed requests submission which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...

5CVSS0.08794EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.5 views

nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass

It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...

7.5CVSS6.7AI score0.16184EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/09/30 3:15 p.m.4 views

nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass

It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...

7.5CVSS6.7AI score0.16184EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/07/22 1:39 p.m.7 views

nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass

It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...

7.5CVSS6.7AI score0.16184EPSS
Exploits0References5
Rows per page
Query Builder