2 matches found
CVE-2019-5737
It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...
Node.js: Fix for CVE-2018-12122 can be bypassed via keep-alive requests
Summary: Fix for CVE-2018-12122 can be bypassed via keep-alive requests Description: I'm not a security expert, nor am I familiar with Node.js core, so please forgive me if this report is inaccurate and in that case, sorry for your time. While investigating the issue 515 I checked out the fix t...