Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0395-1)

This update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 CVE-2018-12120: Fixe...

SUSE-SU-2019:0395-1 Security update for nodejs6

This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 - CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 - CVE-2018-12120:...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software

Summary Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details...

Security update for nodejs4 (important)

openSUSE Security Update: Security update for nodejs4 Announcement ID: openSUSE-SU-2019:0088-1 Rating: important References: 1113534 1113652 1117625 1117626 1117627 1117629 1117630 Cross-References: CVE-2018-0734 CVE-2018-12116 CVE-2018-12120 CVE-2018-12121 CVE-2018-12122 CVE-2018-12123...

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)

This update for nodejs4 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 CVE-2018-12120: Fixed that the debugge...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0118-1)

This update for nodejs8 to version 8.15.0 fixes the following issues : Security issues fixed : CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626 CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627 CVE-2018-12116: Fixed HTTP request splitting bsc11176...

SUSE-SU-2019:0118-1 Security update for nodejs8

This update for nodejs8 to version 8.15.0 fixes the following issues: Security issues fixed: - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626 - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627 - CVE-2018-12116: Fixed HTTP request splitting...

Node.js Multiple Vulnerabilities (November 2018 Security Releases)

The version of Node.js installed on the remote host is 6.x prior to 6.15.0, 8.x prior to 8.14.0 or 10.x prior to 10.14.0 or 11.x prior to 11.3.0. It is, therefore, affected by multiple vulnerabilities. - OpenSSL Timing vulnerability in DSA signature generation CVE-2018-0734. - OpenSSL Timing...

FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)

Node.js reports : Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

Design/Logic Flaw

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVE-2018-12116

CVE-2018-12116 in Node.js is an HTTP request splitting vulnerability: if an unsanitized Unicode path is supplied, a second user-defined HTTP request can be generated to the same server. Affected are all Node.js versions prior to 6.15.0 and 8.14.0. The vulnerability may enable DoS and, per related...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

PT-2018-2973

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Description The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request...

node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend...

Node.js: Http request splitting

Hi, I came upon the following tweet today: https://twitter.com/YShahinzadeh/status/1039396394195451904 which details a http request splitting vulnerability in NodeJS. You can confirm it with the following repro script: const http = require'http' const server = http.createServerreq, res =...