Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1000232

Опубликовано: 22 июл. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 4.3

Описание

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Software Collectionsnodejs010-nodejs-tough-cookieWill not fix
Red Hat Software Collectionsrh-nodejs6-nodejs-tough-cookieNot affected
Red Hat OpenShift Container Platform 3.2nodejsFixedRHSA-2016:210127.10.2016
Red Hat OpenShift Container Platform 3.2nodejs-tough-cookieFixedRHSA-2016:210127.10.2016
Red Hat OpenShift Container Platform 3.3nodejsFixedRHSA-2016:210127.10.2016
Red Hat OpenShift Container Platform 3.3nodejs-tough-cookieFixedRHSA-2016:210127.10.2016
Red Hat OpenShift Enterprise 3.1nodejsFixedRHSA-2016:210127.10.2016
Red Hat OpenShift Enterprise 3.1nodejs-tough-cookieFixedRHSA-2016:210127.10.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6rh-nodejs4-nodejs-tough-cookieFixedRHSA-2017:291218.10.2017
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUSrh-nodejs4-nodejs-tough-cookieFixedRHSA-2017:291218.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1359818nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-1000232

CVSS3: 5.3
nvd
больше 7 лет назад

NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.

github логотип

GHSA-qhv9-728r-6jqg

CVSS3: 5.3
github
больше 7 лет назад

ReDoS via long string of semicolons in tough-cookie

5.3 Medium

CVSS3

4.3 Medium

CVSS2