PT-2019-17837 · Node.Js+2

Timur Shemsedinov · Published 2018-05-25 · Updated 2020-10-16 · CVE-2019-5739

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Node.js versions prior to 6.17.0

Description

Affected versions allow HTTP and HTTPS connections to remain open and inactive for an extended period, which can be exploited as a Denial of Service (DoS) attack vector. This behavior is due to the lack of a dedicated timeout setting in affected versions. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Node.js versions prior to 6.17.0, consider introducing a timeout setting, such as server.keepAliveTimeout, to mitigate the risk of Denial of Service (DoS) attacks, ideally set to 5 seconds, the default introduced in later versions.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1807
CVE-2019-5739
MGASA-2019-0277
OPENSUSE-SU-2019_1076-1
OPENSUSE-SU-2019_1173-1
SUSE-SU-2019:0658-1
SUSE-SU-2019:0818-1

Affected Products

Alt Linux
Node.Js
Suse