exploitDog

CVE-2017-15010

Published: 05 Sep 2017
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.

Report

Red Hat Quay includes nodejs-tough-cookie as a build-time dependency of protractor. It is not included in the runtime code, and Quay is therefore not affected by this vulnerability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | nodejs-tough-cookie | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Not affected | | |
| Red Hat Mobile Application Platform 4.6 | fh-system-dump-tool | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | fping | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | nagios | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | nagios-plugins | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | perl-Crypt-CBC | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | perl-Crypt-DES | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | perl-Net-SNMP | Fixed | RHSA-2018:1263 | 30.04.2018 |
| Red Hat Mobile Application Platform 4.6 | phantomjs | Fixed | RHSA-2018:1263 | 30.04.2018 |

Additional information

Status: Moderate
Defect: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1493989 (nodejs-tough-cookie: Regular expression denial of service)

EPSS: 0.08205 (Low), percentile: 92%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 8 years ago

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

CVSS3: 7.5
nvd
more than 8 years ago

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

CVSS3: 7.5
debian
more than 8 years ago

A ReDoS (regular expression denial of service) flaw was found in the t ...

CVSS3: 7.5
github
more than 7 years ago

Regular Expression Denial of Service in tough-cookie