Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12121

Опубликовано: 28 нояб. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

РелизСтатусПримечание
bionic

ignored

end of standard support, was deferred
cosmic

ignored

end of life
devel

not-affected

10.15.1~dfsg-5
disco

not-affected

10.15.1~dfsg-5
eoan

not-affected

10.15.1~dfsg-5
esm-apps/bionic

deferred

2019-05-01
esm-apps/focal

not-affected

10.15.1~dfsg-5
esm-apps/jammy

not-affected

10.15.1~dfsg-5
esm-apps/noble

not-affected

10.15.1~dfsg-5
esm-apps/xenial

deferred

2019-05-01

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%
0.05801
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12121

CVSS3: 7.5
redhat
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

nvd логотип

CVE-2018-12121

CVSS3: 7.5
nvd
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

msrc логотип

CVE-2018-12121

CVSS3: 7.5
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-12121

CVSS3: 7.5
debian
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...

github логотип

GHSA-2p2c-vwq7-7vg6

CVSS3: 7.5
github
около 3 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

EPSS

Процентиль: 90%
0.05801
Низкий

5 Medium

CVSS2

7.5 High

CVSS3