PT-2018-6060 · Useragent · Useragent

Published

2018-06-04

Updated

2019-10-09

CVE-2017-16030

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Useragent versions 2.1.12 and earlier

Description: The issue arises from the use of regular expressions in the Useragent library to parse useragent headers. An attacker can exploit this by editing their own headers to create an arbitrarily long useragent string, potentially causing the event loop and server to block.

Recommendations: For versions 2.1.12 and earlier, update to version 2.1.13 or later.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2017-16030

GHSA-PJMX-9XR3-82QR

Affected Products

Useragent

PT-2018-6060 · Useragent · Useragent

CVE-2017-16030

Weakness Enumeration

Related Identifiers

Affected Products

References · 6