Lucene search
K

208 matches found

OSV
OSV
added 2018/06/07 2:29 a.m.5 views

DEBIAN-CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

5.9CVSS6AI score0.01767EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/06/07 2:29 a.m.24 views

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

7.1CVSS6.6AI score0.01767EPSS
Exploits0References3
OSV
OSV
added 2018/06/07 2:29 a.m.5 views

UBUNTU-CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

5.9CVSS6.6AI score0.01767EPSS
Exploits0References4
CVE
CVE
added 2018/06/07 2:0 a.m.79 views

CVE-2017-16129

CVE-2017-16129 affects the HTTP client module superagent . It is vulnerable to ZIP-bomb attacks: a small ZIP can expand massively after decompression, causing unbounded CPU/memory usage and potential DoS. Exploitation requires the attacker to control the URL being requested. Some connected adviso...

7.1CVSS5.8AI score0.01767EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.21 views

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

5.5AI score0.01767EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/06/07 2:0 a.m.34 views

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

7.1CVSS5.9AI score0.01767EPSS
Exploits0
Veracode
Veracode
added 2017/11/01 5:32 a.m.19 views

Large GZip Denial Of Service (DoS)

superagent is vulnerable to large GZip denial of service DoS attacks aka ZIP bomb attacks. The attacks can be triggered when malicious HTTP servers send extremely large responses in a compressed form. Since the client does not limit the size of responses, it will end up consuming large amounts of...

5.9CVSS5.5AI score0.01767EPSS
Exploits0References4Affected Software1
Node.js
Node.js
added 2017/07/28 9:7 p.m.54 views

Large gzip Denial of Service

Overview Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed...

7.1CVSS2.3AI score0.01767EPSS
Exploits0Affected Software1
Rows per page
Query Builder