Nes · Nes · CVE-2017-16025
Name of the Vulnerable Software and Affected Versions:
nes versions prior to 6.4.1
Description:
The issue is a denial of service vulnerability that occurs when an invalid `cookie` header is submitted on the websocket upgrade request, and websocket authentication is set to `cookie`. This causes the node process to error out.
Recommendations:
Update to version 6.4.1 or later.