Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-5737

Опубликовано: 28 мар. 2019
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Средний

Описание

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 6.0.0 (включая) до 6.17.0 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 8.0.0 (включая) до 8.15.1 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Версия от 10.0.0 (включая) до 10.15.2 (исключая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 11.0.0 (включая) до 11.10.1 (исключая)
Конфигурация 2
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

EPSS

Процентиль: 96%
0.29342
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2019-5737

CVSS3: 7.5
ubuntu
около 6 лет назад

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

redhat логотип

CVE-2019-5737

CVSS3: 5.3
redhat
больше 6 лет назад

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

msrc логотип

CVE-2019-5737

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2019-5737

CVSS3: 7.5
debian
около 6 лет назад

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ...

suse-cvrf логотип

openSUSE-SU-2019:1211-1

suse-cvrf
около 6 лет назад

Security update for nodejs10

EPSS

Процентиль: 96%
0.29342
Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400
CWE-770