Lucene search
K

127 matches found

Veracode
Veracode
added 2018/06/07 1:6 p.m.24 views

Regular Expression Denial Of Service (ReDoS)

ua-parser is vulnerable to regular expression denial of service ReDoS. A malicious user can pass a string through the User-Agent header to cause a ReDoS...

7.5CVSS7.2AI score0.09242EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2018/06/07 2:29 a.m.31 views

CVE-2017-16086

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...

7.5CVSS7.4AI score0.09242EPSS
Exploits2References1
Prion
Prion
added 2018/06/07 2:29 a.m.21 views

Design/Logic Flaw

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...

5CVSS7.4AI score0.09242EPSS
Exploits2References1
CVE
CVE
added 2018/06/07 2:0 a.m.83 views

CVE-2017-16086

CVE-2017-16086 affects the ua-parser-js module (ua-parser) and can be triggered by a specially crafted User-Agent header, causing a Regular Expression Denial of Service (ReDoS). The vulnerability is documented with a CVSS v3.0 base score of 7.5 (HIGH) and visible in NVD; a prior v2.0 score is 5.0...

7.5CVSS7.3AI score0.09242EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.36 views

CVE-2017-16086

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...

7.4AI score0.09242EPSS
Exploits2References1
Veracode
Veracode
added 2017/12/11 4:3 a.m.8 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service ReDoS attacks. An attacker can pass a string value to the getOS function to cause a ReDoS...

6.5AI score
Exploits0
Node.js
Node.js
added 2017/03/06 10:27 p.m.79 views

ReDoS via long UserAgent header

Overview Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...

5CVSS4.3AI score0.09242EPSS
Exploits2Affected Software1
Rows per page
Query Builder