Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-7162

Опубликовано: 12 июн. 2018
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8nodejsNot affected
Red Hat Mobile Application Platform 4nodejsNot affected
Red Hat OpenShift Application RuntimesnodejsNot affected
Red Hat OpenShift Container Platform 3.10logging-auth-proxyNot affected
Red Hat OpenShift Container Platform 3.10logging-kibanaNot affected
Red Hat Software Collectionsrh-nodejs4-nodejsNot affected
Red Hat Software Collectionsrh-nodejs6-nodejsNot affected
Red Hat Software Collectionsrh-nodejs8-nodejsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1591018nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash

EPSS

Процентиль: 83%
0.02051
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-7162

CVSS3: 7.5
ubuntu
около 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

nvd логотип

CVE-2018-7162

CVSS3: 7.5
nvd
около 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

msrc логотип

CVE-2018-7162

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-7162

CVSS3: 7.5
debian
около 7 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity i ...

github логотип

GHSA-h4wv-8vxr-jgjq

CVSS3: 7.5
github
около 3 лет назад

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

EPSS

Процентиль: 83%
0.02051
Низкий

7.5 High

CVSS3