CVE-2018-12122

Name
CVE-2018-12122
Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
Third Party Advisory http://www.securityfocus.com/bid/106043
REDHAT https://access.redhat.com/errata/RHSA-2019:1821
GENTOO https://security.gentoo.org/glsa/202003-48

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* nodejs >= 10.0.0 <= 10.14.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* nodejs >= 8.0.0 <= 8.14.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* nodejs >= 6.0.0 <= 6.15.0
cpe:2.3:a:joyent:node.js:*:*:*:*:*:*:*:* node.js >= 11.0.0 <= 11.3.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status