Executive Summary

Informations
NameCVE-2018-12116First vendor Publication2018-11-28
VendorCveLast vendor Modification2019-07-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12116

CWE : Common Weakness Enumeration

%idName
100 %CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application119
Application1
Os2
Os2

Nessus® Vulnerability Scanner

DateDescription
2018-12-28Name : Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File : nodejs_2018_nov.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
REDHAT https://access.redhat.com/errata/RHSA-2019:1821

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-07-22 21:19:33
  • Multiple Updates
2019-02-12 12:04:50
  • Multiple Updates
2018-12-27 00:21:35
  • Multiple Updates
2018-11-28 21:19:50
  • First insertion