
CVE-2024-27982

Published: 03 Apr 2024
Source: redhat
CVSS3: 6.1

Description

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.

An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.
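The header-shape check implied by the description, as an added example (not Red Hat's or the Node.js project's code): it lints a raw HTTP/1.1 request head, for instance one logged at a front-end proxy, for a header line that begins with whitespace, and goes beyond the Content-Length case to related framing ambiguities. The function name, rule names and sample requests are constructed for illustration.

```javascript
// Added example: flag request heads whose framing headers two parsers could
// read differently. All names and sample data here are hypothetical.
function lintRequestHead(rawHead) {
  const findings = [];
  // Keep only the header lines: cut at the blank line, drop the request line.
  const lines = rawHead.split('\r\n\r\n')[0].split('\r\n').slice(1);
  let contentLengths = 0;
  let hasTransferEncoding = false;

  lines.forEach((line, i) => {
    const lineNo = i + 2; // 1-based, counting the request line as line 1
    const colon = line.indexOf(':');
    const rawName = colon === -1 ? line : line.slice(0, colon);
    const name = rawName.trim().toLowerCase();

    // The case this CVE describes: SP or HTAB before the field name.
    if (/^[ \t]/.test(line)) {
      findings.push({ lineNo, rule: 'leading-whitespace', name });
    }
    // RFC 9112 forbids whitespace between the field name and the colon.
    if (colon !== -1 && /[ \t]$/.test(rawName)) {
      findings.push({ lineNo, rule: 'whitespace-before-colon', name });
    }
    if (name === 'content-length') contentLengths += 1;
    if (name === 'transfer-encoding') hasTransferEncoding = true;
  });

  // Message-level ambiguities that also change where the body ends.
  if (contentLengths > 1) {
    findings.push({ lineNo: 0, rule: 'duplicate-content-length', name: 'content-length' });
  }
  if (contentLengths > 0 && hasTransferEncoding) {
    findings.push({ lineNo: 0, rule: 'content-length-with-transfer-encoding', name: 'content-length' });
  }
  return findings;
}

// Constructed sample heads (not captured traffic).
const CLEAN_HEAD =
  'POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 11\r\n\r\n';
const SPACE_PREFIXED_HEAD =
  'POST /upload HTTP/1.1\r\nHost: app.example\r\n Content-Length: 11\r\n\r\n';

for (const f of lintRequestHead(SPACE_PREFIXED_HEAD)) {
  console.log(`line ${f.lineNo}: ${f.rule} (${f.name})`);
}
```

A front end that returns 400 for any request with findings removes the disagreement between parsers that smuggling depends on.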

Report

The HTTP request smuggling vulnerability in Node.js, stemming from Content-Length header obfuscation, is categorized as moderate severity due to its potential impact on the security and integrity of web applications. While the vulnerability can allow for the smuggling of secondary HTTP requests, leading to potential bypassing of security controls and injection of malicious content, its exploitation requires specific conditions and configurations to be met. Successful exploitation relies on the server's handling of malformed headers and the presence of web caching mechanisms susceptible to poisoning. Though the risk is notable and could facilitate attacks like XSS and cache poisoning, its moderate severity status suggests that while it warrants attention and mitigation, it might not pose an immediate, widespread threat under all circumstances.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | nodejs:16/nodejs | Will not fix | | |
| Red Hat Software Collections | rh-nodejs14-nodejs | Will not fix | | |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2024:2778 | 09.05.2024 |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2024:2780 | 09.05.2024 |
| Red Hat Enterprise Linux 9 | nodejs | Fixed | RHSA-2024:2779 | 09.05.2024 |
| Red Hat Enterprise Linux 9 | nodejs | Fixed | RHSA-2024:2853 | 15.05.2024 |
| Red Hat Enterprise Linux 9 | nodejs | Fixed | RHSA-2024:2910 | 20.05.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | nodejs | Fixed | RHSA-2024:3545 | 03.06.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | nodejs | Fixed | RHSA-2024:4559 | 16.07.2024 |


Additional information

Status: Moderate
Weakness: CWE-444
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2275392 (nodejs: HTTP Request Smuggling via Content Length Obfuscation)

6.1 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 1 year ago

CVSS3: 6.5
nvd
about 1 year ago

CVSS3: 6.5
msrc
about 1 year ago

No description available

CVSS3: 6.5
debian
about 1 year ago

The team has identified a critical vulnerability in the http server of ...

CVSS3: 6.5
github
about 1 year ago
