Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to data processing errors [CVE-2025-7339]

Summary Node.js module on-headers is used by IBM App Connect Enterprise Certified Container for processing HTTP requests. IBM App Connect Enterprise Certified Container operands are vulnerable to data processing errors. This bulletin provides patch information to address the reported vulnerabilit...

Linux Distros Unpatched Vulnerability : CVE-2025-7339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...

SUSE CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the response.writeHead function. An attacker can manipulate HTTP response headers by passing an array to this function, potentially leading to unintended disclosure or modification of header...

UBUNTU-CVE-2025-7339

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325

Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...

SUSE CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

HTTP Response Splitting

nodejs is vulnerable to HTTP response splitting. This is due to a lack of validation for permitted characters in the reason argument in ServerResponsewriteHead function. An attacker is able to inject arbitrary HTTP headers into the server response via the affected argument and perform HTTP respon...

nodejs: reason argument in ServerResponse#writeHead() not properly validated

It was found that the reason argument in ServerResponsewriteHead was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...

nodejs: reason argument in ServerResponse#writeHead() not properly validated

It was found that the reason argument in ServerResponsewriteHead was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...

Joyent Node.js CRLF Injection Vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

DEBIAN-CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

Crlf injection

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVE-2016-5325

It was found that the reason argument in ServerResponsewriteHead was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...