Download
| Alert*
|
oval:org.secpod.oval:def:67548
The host is installed with Node.js 10.0.0 before 10.19.0, 12.0.0 before 12.15.0, 13.0.0 before 13.8.0 and is prone to an HTTP request smuggling vulnerability. A flaw is present in the application which fails to handle malformed payload. Successful exploitation can allow attackers to hijack user sess ... oval:org.secpod.oval:def:1504519 nodejs [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependenc ... oval:org.secpod.oval:def:83395 The host is installed with Node.js 10.0.0 before 10.19.0, 12.0.0 before 12.15.0, 13.0.0 before 13.8.0 and is prone to a HTTP request smuggling vulnerability. A flaw is present in the application which fails to handle malformed payload. Successful exploitation can allow attackers to hijack user sessi ... oval:org.secpod.oval:def:117837 libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. oval:org.secpod.oval:def:67626 The host is installed with Kibana before 6.8.7 or 7.x before 7.6.1 and is prone to a HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly handle malformed HTTP headers. Successful exploitation could allow an attacker to cause HTTP request smuggling atta ... oval:org.secpod.oval:def:89000175 This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string . - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malfo ... oval:org.secpod.oval:def:503544 The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ... oval:org.secpod.oval:def:503545 The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ... oval:org.secpod.oval:def:2500152 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:505104 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-E ... oval:org.secpod.oval:def:2004481 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed oval:org.secpod.oval:def:1504526 nodejs [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:117829 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:1502826 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:64006 Oracle Solaris 11 - ( CVE-2019-15605 ) oval:org.secpod.oval:def:89000221 This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string . - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header . - CVE-2019 ... oval:org.secpod.oval:def:66769 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:66529 The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ... oval:org.secpod.oval:def:117789 libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library. oval:org.secpod.oval:def:2105841 Oracle Solaris 11 - ( CVE-2019-15605 ) oval:org.secpod.oval:def:117788 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:117785 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:205453 The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending ... oval:org.secpod.oval:def:1700328 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed oval:org.secpod.oval:def:504801 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-E ... oval:org.secpod.oval:def:1502831 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503539 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:69485 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:2500123 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:604825 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:1601123 A flaw was found in the Node.js code where a specially crafted HTTP request sent to a Node.js server failed to properly process the HTTP headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed ... oval:org.secpod.oval:def:63513 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. |
