267 matches found
Moderate: Red Hat Security Advisory: http-parser security and bug fix update
An update for http-parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Medium: http-parser
Issue Overview: Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to...
NewStart CGSL CORE 5.04 / MAIN 5.04 : http-parser Multiple Vulnerabilities (NS-SA-2019-0208)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has http-parser packages installed that are affected by multiple vulnerabilities: - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to b...
F5 Networks BIG-IP : Node.js vulnerability (K27228191)
The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...
CentOS Update for http-parser CESA-2019:2258 centos7
The remote host is missing an update for the...
CentOS 7 : http-parser (CESA-2019:2258)
An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
http security update
CentOS Errata and Security Advisory CESA-2019:2258. An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
PT-2019-3468
Name of the Vulnerable Software and Affected Versions: Varnish Cache versions prior to 6.0.4 LTS; Varnish Cache versions 6.1.x through 6.2.0. Description: An issue in Varnish Cache allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests, causing an automatic restart with a...
Scientific Linux Security Update : http-parser on SL7.x x86_64 (20190806)
Security Fixes: - nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) - nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159)...
http-parser security update
2.7.1-8 - Backport needed test fixes - Related: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values rhel-7 2.7.1-7 - Resolves: rhbz1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length head...
RHEL 7 : http-parser (RHSA-2019:2258)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2258 advisory. The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be us...
Moderate: Red Hat Security Advisory: http-parser security update
An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
nodejs: HTTP parser allowed for spaces inside Content-Length header values
It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior...
Node.js: Vulnerability in http-parser & embedded NULL header handling
Due to a snafu in how [email protected] is set up to forward (see https://github.com/envoyproxy/envoy/issues/5155), the following bug report was not made available prior to disclosure. For completeness, I'm providing the original e-mail below. Please note that this has been fixed in http-parser...
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0952-1)
This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...
RHEL 7 : JBoss Core Services (RHSA-2017:1413)
An update is now available for Red Hat JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability(CVE-2018-3880)
Summary: Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)
Summary: Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities
Summary: Multiple exploitable vulnerabilities exist in the REST parser of video-core’s HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Node.js Improper Input Validation Vulnerability (Mar 2018) - Mac OS X
Node.js is prone to an improper input validation vulnerability...