PT-2018-6056 · Nes · Nes

Iipokypatopo

Published

2018-06-04

Updated

2019-10-09

CVE-2017-16025

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: nes versions prior to 6.4.1

Description: The issue is a denial of service vulnerability that occurs when an invalid cookie header is submitted on the websocket upgrade request, and websocket authentication is set to cookie. This causes the node process to error out.

Recommendations: Update to version 6.4.1 or later.

Fix

Improper Authentication

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-400

Related Identifiers

CVE-2017-16025

GHSA-3PWH-5MMC-MWRX

Affected Products

Nes

PT-2018-6056 · Nes · Nes

CVE-2017-16025

Weakness Enumeration

Related Identifiers

Affected Products

References · 8