PT-2018-6043 · Hapi · Hapi

Geoand · Published 2018-06-04 · Updated 2019-10-09 · CVE-2017-16013

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: hapi versions 15.0.0 through 16.1.0
Description: The issue occurs when hapi encounters a malformed accept-encoding header, which may cause it to crash or hang the client connection until the timeout period is reached. Affected versions of hapi will crash or lock the event loop when such a header is received.
Recommendations: Update to version 16.1.1 or later.

Fix

Resource Exhaustion

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-16013
GHSA-CQJG-WHMM-8GV6

Affected Products

Hapi