Lucene search
Veracode Vulnerability DatabaseVERACODE:5018HistorySep 06, 2017 - 6:29 a.m.
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2017-09-0606:29:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.011 Low
EPSS
Percentile
84.8%
tough-cookie is vulnerable to regular expression denial of service (ReDoS) attack. The vulnerability exists because the COOKIE_PAIR regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process hang and cause a denial of service condition.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tough-cookie | le | 2.2.1 | |
| tough-cookie | le | 2.3.2 | |
| tough-cookie | le | 2.3.2 |
Related
nodejs
nodejs
Regular Expression Denial of Service
2017-09-08 18:07:02
osv
osv
CVE-2017-15010
2017-10-04 01:29:03
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39
nvd
nvd
CVE-2017-15010
2017-10-04 01:29:03
CVE-2017-16112
2020-01-27 13:15:10
cve
cve
CVE-2017-15010
2017-10-04 01:29:03
CVE-2017-16112
2020-01-27 13:15:10
redhat
redhat
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-tough-cookie-2.3.4-1.fc30
2019-06-12 14:48:48
ubuntucve
ubuntucve
CVE-2017-15010
2017-10-04 00:00:00
nessus
nessus
Fedora 30 : nodejs-tough-cookie (2019-76f1b57c1c)
2019-06-13 00:00:00
RHEL 6 / 7 : rh-nodejs6-nodejs-tough-cookie (RHSA-2017:2913)
2024-04-27 00:00:00
RHEL 6 / 7 : rh-nodejs4-nodejs-tough-cookie (RHSA-2017:2912)
2024-04-27 00:00:00
redhatcve
redhatcve
CVE-2017-15010
2017-10-03 15:49:16
veracode
veracode
Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies
2019-01-15 09:19:22
cvelist
cvelist
CVE-2017-15010
2017-10-03 16:00:00
github
github
Regular Expression Denial of Service in tough-cookie
2018-07-24 20:14:39
openvas
openvas
Fedora Update for nodejs-tough-cookie FEDORA-2019-76f1b57c1c
2019-06-13 00:00:00
debiancve
debiancve
CVE-2017-15010
2017-10-04 01:29:03
prion
prion
Design/Logic Flaw
2017-10-04 01:29:00