CVE-2013-4450

Published: 21/10/2013 Updated: 13/08/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 541
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The HTTP server in Node.js 0.10.x prior to 0.10.21 and 0.8.x prior to 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

Affected Products

Vendor: Nodejs
Product: Nodejs
Versions: 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 0.8.22, 0.8.23, 0.8.24, 0.8.25, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20

Vendor Advisories

Synopsis: Moderate: nodejs010-nodejs security update. Type/Severity: Security Advisory: Moderate. Topic: Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A ...
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response ...

Metasploit Modules

Node.js HTTP Pipelining Denial of Service

This module exploits a Denial of Service (DoS) condition in the HTTP parser of Node.js versions released before 0.10.21 and 0.8.26. The attack sends many pipelined HTTP requests on a single connection, which causes unbounded memory allocation when the client does not read the responses.

msf > use auxiliary/dos/http/nodejs_pipelining
msf auxiliary(nodejs_pipelining) > show actions
    ...actions...
msf auxiliary(nodejs_pipelining) > set ACTION <action-name>
msf auxiliary(nodejs_pipelining) > show options
    ...show and set options...
msf auxiliary(nodejs_pipelining) > run

Github Repositories

searchlight
Node.js middleware for creating applications that find VIVO profiles relevant to content in the user's browser
##About
To learn more about searchlight and how it's been used, check out our about page
##Documentation
###Installation
Install nodejs version 0126
$ git clone gitgithubcom/ragle/searchlight
$ cd searchlight
$ npm install
###Quic