Lucene search
K
NodejsNode.js4.2.3

5 matches found

CVE
CVE
added 2016/04/07 9:0 p.m.95 views

CVE-2016-2216

CVE-2016-2216 affects Node.js HTTP header parsing in several branches (0.10.x, 0.11.x, 0.12.x, 4.x, 5.x). Root cause: header parsing inadequately validates UTF-8/Unicode characters, enabling HTTP response-splitting protection bypass. Demonstrated by crafted encoded input like %c4%8d%c4%8a. Impact...

7.5CVSS7.5AI score0.07013EPSS
CVE
CVE
added 2016/10/10 4:0 p.m.87 views

CVE-2016-5325

CVE-2016-5325 is a CRLF injection flaw in Node.js’s ServerResponse#writeHead(), allowing a remote attacker to inject arbitrary HTTP headers via the reason argument. Affected are Node.js versions: 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0. Impact is HTTP ...

6.1CVSS6.7AI score0.04093EPSS
CVE
CVE
added 2016/04/07 9:0 p.m.86 views

CVE-2016-2086

CVE-2016-2086 affects Node.js HTTP request parsing via Content-Length mishandling, enabling remote HTTP request smuggling. Public docs identify Node.js versions affected (0.10.x up to 0.10.42, 0.12.x up to 0.12.10, 4.x up to 4.3.0, 5.x up to 5.6.0) and describe impact as potential for cache poiso...

7.5CVSS7.2AI score0.06257EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.84 views

CVE-2016-3956

CVE-2016-3956 describes an HTTP bearer token leak in the npm CLI, allowing a remote attacker to obtain sensitive information via Authorization headers. Affected npm versions include prior to 2.15.1 and 3.x prior to 3.8.3, used with Node.js 0.10 (before 0.10.44), 0.12 (before 0.12.13), 4 (before 4...

7.5CVSS7.2AI score0.06748EPSS
CVE
CVE
added 2016/10/10 4:0 p.m.77 views

CVE-2016-7099

CVE-2016-7099 affects Node.js TLS: tls.checkServerIdentity fails to properly validate certs with wildcards, enabling MITM via crafted X.509 certificates. The issue is fixed in upstream Node.js by updating to versions where wildcard handling is corrected (0.10.47, 0.12.16, 4.6.0, 6.7.0) and is ech...

5.9CVSS6AI score0.02841EPSS