Node.js Multiple Vulnerabilities-Nov18 (Windows)
Summary
Node.js is installed on the host and is prone to multiple vulnerabilities.
Insight
Multiple flaws exist due to:
- Hostname spoofing in the URL parser for the javascript protocol: if a Node.js application uses url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed-case 'javascript:' protocol.
- Slowloris HTTP denial of service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
- Denial of Service with large HTTP headers: by using a combination of many requests with maximum-sized headers (almost 80 KB per connection) and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure.
Affected Software
All Node.js versions prior to 6.15.0, 8.14.0, 10.14.0 and 11.3.0 on Windows.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Upgrade to Node.js 6.15.0, 8.14.0, 10.14.0, 11.3.0 or later. Please see the references for more information.