CVE-2015-8315

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

Ссылки

http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96389
Broken Link
Third Party Advisory
VDB Entry
https://nodesecurity.io/advisories/46
Broken Link
Exploit
Mitigation
Vendor Advisory
https://support.f5.com/csp/article/K46337613?utm_source=f5support&amp%3Butm_medium=RSS
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96389
Broken Link
Third Party Advisory
VDB Entry
https://nodesecurity.io/advisories/46
Broken Link
Exploit
Mitigation
Vendor Advisory
https://support.f5.com/csp/article/K46337613?utm_source=f5support&amp%3Butm_medium=RSS
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vercel:ms:*:*:*:*:*:node.js:*:*

Версия до 0.7.1 (исключая)

EPSS

Процентиль: 76%

0.00944

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-1333

Связанные уязвимости

CVE-2015-8315

redhat

больше 10 лет назад

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

CVE-2015-8315

CVSS3: 7.5

debian

около 9 лет назад

The ms package before 0.7.1 for Node.js allows attackers to cause a de ...

GHSA-3fx5-fwvr-xrjg

CVSS3: 7.5

github

больше 8 лет назад

Regular Expression Denial of Service in ms

EPSS

Процентиль: 76%

0.00944

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-1333