PT-2018-2973 · Node.Js+3
Arkadiy Tetelman · Published 2018-11-27 · Updated 2026-03-05
CVE-2018-12116
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 6.15.0
Node.js versions prior to 8.14.0
Description
The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request. This can lead to a second, unexpected HTTP request being made to the same server. The vulnerability is also associated with errors in handling HTTP packets, which can allow a remote attacker to gain unauthorized access to protected data using HTTP requests.
Recommendations
For versions prior to 6.15.0, update to version 6.15.0 or later.
For versions prior to 8.14.0, update to version 8.14.0 or later.
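Until the update is in place, application code can refuse to pass unsanitized Unicode to the path option described above. The following is an added example, not code from Node.js or from this advisory; the helper names are hypothetical, and it assumes the path is written to the socket one byte per character (latin1), which is how a Unicode character can reach the server as a CR or LF byte.

```javascript
'use strict';

// Hypothetical helper names; not part of Node.js or of the advisory.
// Allow only printable ASCII without space (0x21-0x7E) in a request path.
const UNSAFE_PATH_CHAR = /[^\u0021-\u007e]/;

// Bytes a one-byte-per-character (latin1) encoding would put on the wire.
// Each code point above U+00FF is cut down to its low byte.
function latin1Wire(path) {
  return Buffer.from(path, 'latin1');
}

// Validate a path before it is handed to http.request({ path }).
function checkRequestPath(path) {
  if (typeof path !== 'string' || path.length === 0) {
    return { ok: false, index: -1, reason: 'path must be a non-empty string' };
  }
  const m = UNSAFE_PATH_CHAR.exec(path);
  if (m) {
    const cp = m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
    return { ok: false, index: m.index, reason: `unsafe character U+${cp}` };
  }
  return { ok: true, index: -1, reason: null };
}

// Build a path from untrusted text: percent-encode it, then re-check.
function buildPath(prefix, userValue) {
  let encoded;
  try {
    encoded = encodeURIComponent(userValue); // throws URIError on lone surrogates
  } catch (err) {
    throw new TypeError('user value is not well-formed Unicode');
  }
  const path = prefix + encoded;
  const verdict = checkRequestPath(path);
  if (!verdict.ok) throw new TypeError(`rejected path: ${verdict.reason}`);
  return path;
}

// Constructed sample: U+010D and U+010A are ordinary letters in a JS string,
// but their low bytes are 0x0D and 0x0A (CR and LF).
const SAMPLE = '/items/a\u010D\u010Ab';
console.log(checkRequestPath(SAMPLE));
console.log(latin1Wire('\u010D\u010A'));
console.log(buildPath('/items/', 'a\u010D\u010Ab'));
```

The check is deliberately stricter than a CR/LF filter: rejecting everything outside printable ASCII also covers spaces and any character that a narrowing encoding could turn into a control byte.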
Fix
HTTP Request/Response Smuggling
Related identifiers
Affected products
Alt Linux
Node.Js
Suse
Ubuntu