|Title:||Node.js 'HTTP' Splitting' Privilege Escalareion Vulnerability-(Windows)|
|Summary:||The host is installed with Node.js and is; prone to privilege escalation vulnerability.|
The host is installed with Node.js and is
prone to privilege escalation vulnerability.
The flaw exists in due to an error in HTTP,
request splitting. If Node.js can be convinced to use unsanitized user-provided
Unicode data for the `path` option of an HTTP request, then data can be
provided which will trigger a second, unexpected, and user-defined HTTP
request to made to the same server.
Successful exploitation will allow remote
attackers to conduct spoofing attacks.
Node.js all versions prior to 6.15.0
and 8.14.0 on Windows.
Upgrade to Node.js version 6.15.0, 8.14.0
or later. For updates refer to Reference links.
Common Vulnerability Exposure (CVE) ID: CVE-2018-12116|
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.