
CVE-2016-10542

Published: 31/05/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and previous versions.

Vulnerable Product

ws project ws

Vendor Advisories

Debian Bug report logs - #927671: CVE-2016-10542. Package: node-ws; Maintainer for node-ws is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-ws is src:node-ws. Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Sat, 20 Apr 2019 21:48:01 UTC. Severi ...

Github Repositories

Identifying false positive

False positive details: CVE-2016-10542. If a Java project name contains the word ws, the OWASP dependency check `mvn clean org.owasp:dependency-check-maven:3.3.2:check` returns a vulnerability with severity medium. However, as per the description of this vulnerability, it is relevant for Node.js projects. FIXED in org.owasp:dependency-check-maven:3.3.4