PT-2018-2973 · Node.Js+3

Arkadiy Tetelman · Published 2018-11-27 · Updated 2026-03-05 · CVE-2018-12116

CVSS v2.0: 7.8 High (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 6.15.0
Node.js versions prior to 8.14.0

Description

The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request. This can lead to a second, unexpected HTTP request being made to the same server. The vulnerability is also associated with errors in handling HTTP packets, which can allow a remote attacker to gain unauthorized access to protected data using HTTP requests.

Recommendations

For versions prior to 6.15.0, update to version 6.15.0 or later.
For versions prior to 8.14.0, update to version 8.14.0 or later.
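
The description above concerns unsanitized data reaching the path option of an HTTP request. The following is an added example, not code from the advisory or from the Node.js project, of an application-side check on that option to use alongside the update; the function names, the `/search/` base path and the visible-ASCII allow-list are assumptions of this example.

```javascript
// Added example, not Node.js source: guard the `path` option of http.request().
// Assumption: a request path should contain only visible ASCII (0x21-0x7E);
// anything else must be percent-encoded before it gets here.
const UNSAFE_PATH_CHAR = /[^\u0021-\u007e]/;

// Returns null when the path is clean, otherwise the position and code point
// of the first disallowed character (useful when logging a rejected request).
function findUnsafePathChar(path) {
  const m = UNSAFE_PATH_CHAR.exec(String(path));
  if (!m) return null;
  const cp = m[0].codePointAt(0);
  return {
    index: m.index,
    codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0'),
  };
}

// Throws instead of letting a suspicious path reach the HTTP client.
function assertSafePath(path) {
  const bad = findUnsafePathChar(path);
  if (bad) {
    throw new TypeError(
      `unsafe character ${bad.codePoint} at index ${bad.index} in request path`);
  }
  return String(path);
}

// Builds a path from untrusted input: encode first, then verify the result.
// encodeURIComponent throws URIError on malformed UTF-16 (lone surrogates).
function buildPath(base, userSegment) {
  return assertSafePath(base + encodeURIComponent(userSegment));
}

// Constructed sample inputs (not taken from the advisory).
const samples = ['/search/node', '/search/a b', '/search/caf\u00e9', '/search/x\r\nY'];
for (const s of samples) {
  const bad = findUnsafePathChar(s);
  console.log(JSON.stringify(s),
    bad ? `rejected (${bad.codePoint} at index ${bad.index})` : 'ok');
}
console.log(buildPath('/search/', 'caf\u00e9 \r\n'));
```

Pass the return value of `assertSafePath` or `buildPath` as the `path` option, and log rejections so that repeated attempts are visible.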

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

ALT-PU-2018-2749
BDU:2019-02939
CVE-2018-12116
MGASA-2019-0277
OPENSUSE-SU-2019:0089-1
OPENSUSE-SU-2019_0088-1
OPENSUSE-SU-2019_0089-1
OPENSUSE-SU-2019_0234-1
RHSA-2019:1821
SUSE-SU-2019:0117-1
SUSE-SU-2019:0118-1
SUSE-SU-2019:0395-1
SUSE-SU-2019:14246-1
SUSE-SU-2019_0118-1
SUSE-SU-2019_14246-1
USN-4796-1

Affected Products

Alt Linux
Node.Js
Suse
Ubuntu