7910 matches found
CVE-2012-2330
The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information request header contents and possibly spoof HTTP headers via a zero length string...
CVE-2012-2330
The CVE-2012-2330 entry affects Node.js, where the Update method in src/node_http_parser.cc fails to properly check string length in versions prior to 0.6.17 and 0.7 prior to 0.7.8. This could allow remote attackers to read sensitive request header contents and potentially spoof HTTP headers via ...
PT-2012-3956 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 0.6.17 Node.js versions prior to 0.7.8 Description: The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This i...
Node.js HTTP parsing vulnerability-vulnerability warning-the black bar safety net
Indicates a temporary no nodejs in the field, and nodejs in the country I'm in Ali cloud seen once, it is sent to it. the poc in this: https://gist.github.com/2628868 The official announcement on this: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/...
CVE-2011-5037
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters, as demonstrated by attacks against Node.js...
CVE-2011-5037
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters, as demonstrated by attacks against Node.js...
Design/Logic Flaw
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters, as demonstrated by attacks against Node.js...
UBUNTU-CVE-2011-5037
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters, as demonstrated by attacks against Node.js...
CVE-2011-5037
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters, as demonstrated by attacks against Node.js...
CVE-2011-5037
The CVE-2011-5037 vulnerability is in Google V8: hash computations for form parameters permit predictable collisions, enabling remote attackers to trigger CPU-based DoS, demonstrated against Node.js. Reports across advisories describe a DoS via hash-collision attacks affecting multiple language r...