|Title:||Node.js Multiple Vulnerabilities-Nov18 (Windows)|
|Summary:||The host is installed with Node.js and is; prone to multiple vulnerabilities.|
The host is installed with Node.js and is
prone to multiple vulnerabilities.
Multiple flaws are due to,
Node.js is using url.parse() to determine the URL hostname, that hostname
- An error in Slowloris HTTP, An attacker can cause a Denial of Service
(DoS) by sending headers very slowly keeping HTTP or HTTPS connections
and associated resources alive for a long period of time and
- Denial of Service with large HTTP headers, By using a combination of many
requests with maximum sized headers (almost 80 KB per connection), and
carefully timed completion of the headers, it is possible to cause the
HTTP server to abort from heap allocation failure.
Successful exploitation will allow remote
attackers to conduct denial of service and spoofing attacks.
Node.js All versions prior to 6.15.0,
8.14.0, 10.14.0 and 11.3.0 on Windows.
Upgrade to Node.js 6.15.0, 8.14.0,
or 10.14.0, 11.3.0 or later. For updates refer to Reference links.
Common Vulnerability Exposure (CVE) ID: CVE-2018-12121|
Common Vulnerability Exposure (CVE) ID: CVE-2018-12122
Common Vulnerability Exposure (CVE) ID: CVE-2018-12123
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.