PT-2019-17837 · Node.Js+2

Timur Shemsedinov · Published 2018-05-25 · Updated 2020-10-16 · CVE-2019-5739

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 6.17.0

Description

The issue allows HTTP and HTTPS connections to remain open and inactive for an extended period, which can be exploited as a potential Denial of Service (DoS) attack vector. This behavior is due to the lack of a dedicated timeout setting in affected versions. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Node.js versions prior to 6.17.0, consider introducing a timeout setting, such as server.keepAliveTimeout, to mitigate the risk of Denial of Service (DoS) attacks, ideally setting it to a default of 5 seconds as introduced in later versions.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related identifiers

ALT-PU-2018-1807
CVE-2019-5739
MGASA-2019-0277
OPENSUSE-SU-2019_1076-1
OPENSUSE-SU-2019_1173-1
SUSE-SU-2019:0658-1
SUSE-SU-2019:0818-1

Affected products

Alt Linux
Node.Js
Suse