Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-5739

Опубликовано: 28 мар. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

РелизСтатусПримечание
bionic

not-affected

8.10.0~dfsg-2ubuntu0.4
cosmic

not-affected

devel

not-affected

disco

not-affected

eoan

not-affected

esm-apps/bionic

not-affected

8.10.0~dfsg-2ubuntu0.4
esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/noble

not-affected

esm-apps/xenial

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 73%
0.00787
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-5739

CVSS3: 7.5
redhat
больше 6 лет назад

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

nvd логотип

CVE-2019-5739

CVSS3: 7.5
nvd
около 6 лет назад

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

debian логотип

CVE-2019-5739

CVSS3: 7.5
debian
около 6 лет назад

Keep-alive HTTP and HTTPS connections can remain open and inactive for ...

github логотип

GHSA-wr35-fh22-q84x

CVSS3: 7.5
github
около 3 лет назад

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

suse-cvrf логотип

openSUSE-SU-2019:1173-1

suse-cvrf
около 6 лет назад

Security update for nodejs6

EPSS

Процентиль: 73%
0.00787
Низкий

5 Medium

CVSS2

7.5 High

CVSS3