Exploit the possiblities
Showing 1 - 3 of 3 RSS Feed

CVE-2016-5325

Status Candidate

Overview

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

Related Files

Red Hat Security Advisory 2017-0002-01
Posted Jan 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2016-1669, CVE-2016-5180, CVE-2016-5325, CVE-2016-7099
MD5 | 30efc184d99c0deded727c2d19d1b7c6
Gentoo Linux Security Advisory 201612-43
Posted Dec 13, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-43 - Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. Versions less than 4.6.1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2015-8027, CVE-2016-2086, CVE-2016-2216, CVE-2016-5325
MD5 | 4b42daa18b875bff3d46c65acbec145f
Red Hat Security Advisory 2016-2101-01
Posted Oct 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2016-1000232, CVE-2016-5325
MD5 | 8627988deda3df96d960796befeb04fb
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    6 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close