[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4450Date: (C)2013-10-23   (M)2023-12-22


The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-63229
RHSA-2013:1842
http://www.openwall.com/lists/oss-security/2013/10/20/1
http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
https://github.com/joyent/node/issues/6214
https://github.com/rapid7/metasploit-framework/pull/2548
https://groups.google.com/forum/#%21topic/nodejs/NEbweYB0ei0
https://kb.juniper.net/JSA10783
openSUSE-SU-2013:1863

CPE    47
cpe:/a:nodejs:nodejs:0.8.12
cpe:/a:nodejs:nodejs:0.8.11
cpe:/a:nodejs:nodejs:0.8.10
cpe:/a:nodejs:nodejs:0.10.20
...
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:106027
oval:org.secpod.oval:def:106045
oval:org.secpod.oval:def:106040
oval:org.secpod.oval:def:106037
...

© SecPod Technologies