English | Deutsch | Español | Português
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Title:Node.js Multiple Vulnerabilities-Nov18 (Windows)
Summary:The host is installed with Node.js and is; prone to multiple vulnerabilities.
The host is installed with Node.js and is
prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to,

- An error in Hostname spoofing in URL parser for javascript protocol, If a
Node.js is using url.parse() to determine the URL hostname, that hostname
can be spoofed by using a mixed case 'javascript:',

- An error in Slowloris HTTP, An attacker can cause a Denial of Service
(DoS) by sending headers very slowly keeping HTTP or HTTPS connections
and associated resources alive for a long period of time and

- Denial of Service with large HTTP headers, By using a combination of many
requests with maximum sized headers (almost 80 KB per connection), and
carefully timed completion of the headers, it is possible to cause the
HTTP server to abort from heap allocation failure.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to conduct denial of service and spoofing attacks.

Affected Software/OS:
Node.js All versions prior to 6.15.0,
8.14.0, 10.14.0 and 11.3.0 on Windows.

Upgrade to Node.js 6.15.0, 8.14.0,
or 10.14.0, 11.3.0 or later. For updates refer to Reference links.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-12121
Common Vulnerability Exposure (CVE) ID: CVE-2018-12122
Common Vulnerability Exposure (CVE) ID: CVE-2018-12123
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
Registered User Login

 Forgot userid or passwd?

Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.