CVE-2016-2086

Опубликовано: 07 апр. 2016

Источник: debian

EPSS Низкий

Описание

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nodejs	fixed	4.3.0~dfsg-1		package

Примечания

libv8 is not covered by security support
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/

EPSS

Процентиль: 63%

0.00451

Низкий

Связанные уязвимости

CVE-2016-2086

CVSS3: 7.5

ubuntu

почти 10 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVE-2016-2086

redhat

почти 10 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVE-2016-2086

CVSS3: 7.5

nvd

почти 10 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

GHSA-j4wx-39fg-h554

CVSS3: 7.5

github

больше 3 лет назад

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

openSUSE-SU-2016:0604-1

suse-cvrf

почти 10 лет назад

Security update for nodejs

EPSS

Процентиль: 63%

0.00451

Низкий