Executive Summary

Informations
NameCVE-2017-15896First vendor Publication2017-12-11
VendorCveLast vendor Modification2019-10-02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score6.4Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15896

CPE : Common Platform Enumeration

TypeDescriptionCount
Application23

Nessus® Vulnerability Scanner

DateDescription
2017-12-15Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_bea84a7ae0c911e7b4f311baa0c2df21.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-10-03 09:20:09
  • Multiple Updates
2017-12-29 17:22:03
  • Multiple Updates
2017-12-16 13:23:35
  • Multiple Updates
2017-12-12 05:20:23
  • First insertion