Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106043 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory |
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch Vendor Advisory |
https://security.gentoo.org/glsa/202003-48 | Third Party Advisory |
http://www.securityfocus.com/bid/106043 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:1821 | Third Party Advisory |
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ | Patch Vendor Advisory |
https://security.gentoo.org/glsa/202003-48 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20241213-0009/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Dec 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Nov 2024, 03:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/106043 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2019:1821 - Third Party Advisory | |
References | () https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ - Patch, Vendor Advisory | |
References | () https://security.gentoo.org/glsa/202003-48 - Third Party Advisory |
06 Sep 2022, 17:57
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:1821 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-48 - Third Party Advisory | |
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* |
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
Information
Published : 2018-11-28 17:29
Updated : 2024-12-13 14:15
NVD link : CVE-2018-12122
Mitre link : CVE-2018-12122
CVE.ORG link : CVE-2018-12122
JSON object : View
Products Affected
suse
- suse_enterprise_storage
- suse_linux_enterprise_server
- suse_openstack_cloud
nodejs
- node.js
CWE
CWE-400
Uncontrolled Resource Consumption