CVE-2015-9241

Name of the Vulnerable Software and Affected Versions hapi versions prior to 11.1.3

Description The issue arises when certain input is passed into the If-Modified-Since or Last-Modified headers, causing an 'illegal access' exception. Instead of returning a HTTP 500 error, the hapi node module will continue to hold the socket open until it times out, which defaults to 2 minutes in node.

Recommendations Update to version 11.1.3 or later. As a temporary workaround, consider restricting access to the If-Modified-Since and Last-Modified headers to minimize the risk of exploitation.