 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2021.4796.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-4796-1) |
| Summary: | The remote host is missing an update for the 'nodejs' package(s) announced via the USN-4796-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'nodejs' package(s) announced via the USN-4796-1 advisory. Vulnerability Insight: Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. (CVE-2016-7099) It was discovered that Node.js incorrectly handled certain NAPTR responses. A remote attacker could possibly use this issue to cause applications using Node.js to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2017-1000381) Nikita Skovoroda discovered that Node.js mishandled certain input, leading to an out of bounds write. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12115) Arkadiy Tetelman discovered that Node.js improperly handled certain malformed HTTP requests. An attacker could use this vulnerability to inject unexpected HTTP requests. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12116) Jan Maybach discovered that Node.js did not time out if incomplete HTTP/HTTPS headers were received. An attacker could use this vulnerability to cause a denial of service by keeping HTTP/HTTPS connections alive for a long period of time. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12122) Martin Bajanik discovered that the url.parse() method would return incorrect results if it received specially crafted input. An attacker could use this vulnerability to spoof the hostname and bypass hostname-specific security controls. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-12123) It was discovered that Node.js is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser with network access to the system running the Node.js process. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7160) It was discovered that the Buffer.fill() and Buffer.alloc() methods improperly handled certain inputs. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2018-7167) Marco Pracucci discovered that Node.js mishandled HTTP and HTTPS connections. An attacker could use this vulnerability to cause a denial of service. This issue only affected Ubuntu 18.04 ESM. (CVE-2019-5737) Affected Software/OS: 'nodejs' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-7099 BugTraq ID: 93191 http://www.securityfocus.com/bid/93191 RedHat Security Advisories: RHSA-2017:0002 http://rhn.redhat.com/errata/RHSA-2017-0002.html SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2017-1000381 BugTraq ID: 99148 http://www.securityfocus.com/bid/99148 Common Vulnerability Exposure (CVE) ID: CVE-2018-12115 BugTraq ID: 105127 http://www.securityfocus.com/bid/105127 https://security.gentoo.org/glsa/202003-48 RedHat Security Advisories: RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552 RedHat Security Advisories: RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553 RedHat Security Advisories: RHSA-2018:2944 https://access.redhat.com/errata/RHSA-2018:2944 RedHat Security Advisories: RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:2949 RedHat Security Advisories: RHSA-2018:3537 https://access.redhat.com/errata/RHSA-2018:3537 Common Vulnerability Exposure (CVE) ID: CVE-2018-12116 RedHat Security Advisories: RHSA-2019:1821 https://access.redhat.com/errata/RHSA-2019:1821 Common Vulnerability Exposure (CVE) ID: CVE-2018-12122 BugTraq ID: 106043 http://www.securityfocus.com/bid/106043 Common Vulnerability Exposure (CVE) ID: CVE-2018-12123 Common Vulnerability Exposure (CVE) ID: CVE-2018-7160 https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS https://www.oracle.com//security-alerts/cpujul2021.html Common Vulnerability Exposure (CVE) ID: CVE-2018-7167 BugTraq ID: 106363 http://www.securityfocus.com/bid/106363 Common Vulnerability Exposure (CVE) ID: CVE-2019-5737 https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/ SuSE Security Announcement: openSUSE-SU-2019:1076 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html SuSE Security Announcement: openSUSE-SU-2019:1173 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html SuSE Security Announcement: openSUSE-SU-2019:1211 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |