what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2019-15605

Status Candidate

Overview

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Related Files

Ubuntu Security Notice USN-6380-1
Posted Sep 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6380-1 - Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2020-8174, CVE-2020-8265
SHA-256 | c9cc97e96bb7a83ea382245507e85fc0d4820b2068dcb9f3906a130008dfa00c
Debian Security Advisory 4669-1
Posted Apr 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4669-1 - Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-9511, CVE-2019-9513, CVE-2019-9514
SHA-256 | 6f962b4fe577287f2ccb2224302c35d90acb45019bf2b11ea4da941e04961852
Red Hat Security Advisory 2020-1510-01
Posted Apr 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1510-01 - The http-parser package provides a utility for parsing HTTP messages. An HTTP request smuggling vulnerability was addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-15605
SHA-256 | 335d91cf414060a0080be61719c914c89c3326a0d37793f422f0fca45c961081
Gentoo Linux Security Advisory 202003-48
Posted Mar 21, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-48 - Multiple vulnerabilities have been found in Node.js, worst of which could allow remote attackers to write arbitrary files. Versions less than 12.15.0 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-12115, CVE-2018-12116, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, CVE-2018-7161, CVE-2018-7162, CVE-2018-7164, CVE-2018-7167, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16777, CVE-2019-5737, CVE-2019-5739
SHA-256 | 74cfd9bd90d2d33e764c86a5e1c80a6b642e808e00a02002d6d17c9467102fb0
Red Hat Security Advisory 2020-0708-01
Posted Mar 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0708-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-15605
SHA-256 | a170d015c32f37432d9de939a73499f02f7638a9789e5e1796da178dc64bd3a1
Red Hat Security Advisory 2020-0707-01
Posted Mar 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0707-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-15605
SHA-256 | 356b5cddfb52ed1d8d5aa0bcc6cf2953a6fe74e992643df32307133cffd2e459
Red Hat Security Advisory 2020-0703-01
Posted Mar 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0703-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-15605
SHA-256 | 8ea83379a922dc0dcbacd24df3271f11e1b50698d6e2c37e5b91f8c7c0aff4f9
Red Hat Security Advisory 2020-0602-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0602-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | 06640bfa1968df0b472481ae67bb1e2f62f27a46e4050fa57fce9b5cec78e50b
Red Hat Security Advisory 2020-0598-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0598-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606
SHA-256 | 9fc3f9bc8d7dd7b61381febce5db7ceadfe94a7f3ed9b5467b3740dd5e2b5f6d
Red Hat Security Advisory 2020-0597-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0597-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | 4f28657da8e272a2e2844edb1a5372df1b1680d0daf9e675279a4c550d709df9
Red Hat Security Advisory 2020-0579-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0579-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | b886b0e95ead26013e0308ccf593a5a846e8731401ea54bdeeb098795796b513
Red Hat Security Advisory 2020-0573-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0573-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | c2e5505c347e28a5c5b708280a3f87650156fcbc79f19efa78129e544ac3accb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close