Description
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | fh-mbaas | Out of support scope | | |
| Red Hat Mobile Application Platform 4 | fh-messaging | Out of support scope | | |
| Red Hat Mobile Application Platform 4 | fh-metrics | Out of support scope | | |
| Red Hat Mobile Application Platform 4 | fh-supercore | Out of support scope | | |
Additional information
Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1588890 nodejs-useragent: Regular expression Denial-of-Service via long UserAgent header
EPSS: 0.00433 (Low)
Percentile: 62%
CVSS3: 7.5 High
Related vulnerabilities
CVSS3: 7.5
nvd
more than 7 years ago