Node.js 0.10.x prior to 0.10.42, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allow remote malicious users to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodejs node.js 5.2.0 |
||
nodejs node.js 5.1.1 |
||
nodejs node.js 4.2.1 |
||
nodejs node.js 4.2.0 |
||
nodejs node.js 0.12.7 |
||
nodejs node.js 0.12.6 |
||
nodejs node.js 0.10.9 |
||
nodejs node.js 0.10.8 |
||
nodejs node.js 0.10.38 |
||
nodejs node.js 0.10.37 |
||
nodejs node.js 0.10.30 |
||
nodejs node.js 0.10.3 |
||
nodejs node.js 0.10.23 |
||
nodejs node.js 0.10.22 |
||
nodejs node.js 0.10.16 |
||
nodejs node.js 0.10.15 |
||
nodejs node.js 0.10.0 |
||
nodejs node.js 5.4.0 |
||
nodejs node.js 5.3.0 |
||
nodejs node.js 4.2.4 |
||
nodejs node.js 5.1.0 |
||
nodejs node.js 5.0.0 |
||
nodejs node.js 4.1.2 |
||
nodejs node.js 4.1.1 |
||
nodejs node.js 0.12.5 |
||
nodejs node.js 0.12.4 |
||
nodejs node.js 0.10.7 |
||
nodejs node.js 0.10.6 |
||
nodejs node.js 0.10.36 |
||
nodejs node.js 0.10.35 |
||
nodejs node.js 0.10.29 |
||
nodejs node.js 0.10.28 |
||
nodejs node.js 0.10.21 |
||
nodejs node.js 0.10.20 |
||
nodejs node.js 0.10.14 |
||
nodejs node.js 0.10.13 |
||
nodejs node.js 4.2.3 |
||
nodejs node.js 4.2.2 |
||
nodejs node.js 0.12.9 |
||
nodejs node.js 0.12.8 |
||
nodejs node.js 0.12.1 |
||
nodejs node.js 0.12.0 |
||
nodejs node.js 0.10.4 |
||
nodejs node.js 0.10.39 |
||
nodejs node.js 0.10.32 |
||
nodejs node.js 0.10.31 |
||
nodejs node.js 0.10.25 |
||
nodejs node.js 0.10.24 |
||
nodejs node.js 0.10.17 |
||
nodejs node.js 0.10.16-isaacs-manual |
||
nodejs node.js 0.10.10 |
||
nodejs node.js 0.10.1 |
||
nodejs node.js 5.5.0 |
||
nodejs node.js 5.4.1 |
||
nodejs node.js 4.2.6 |
||
nodejs node.js 4.2.5 |
||
nodejs node.js 4.1.0 |
||
nodejs node.js 4.0.0 |
||
nodejs node.js 0.12.3 |
||
nodejs node.js 0.12.2 |
||
nodejs node.js 0.10.5 |
||
nodejs node.js 0.10.41 |
||
nodejs node.js 0.10.40 |
||
nodejs node.js 0.10.34 |
||
nodejs node.js 0.10.33 |
||
nodejs node.js 0.10.27 |
||
nodejs node.js 0.10.26 |
||
nodejs node.js 0.10.2 |
||
nodejs node.js 0.10.19 |
||
nodejs node.js 0.10.18 |
||
nodejs node.js 0.10.12 |
||
nodejs node.js 0.10.11 |
||
fedoraproject fedora 23 |
||
fedoraproject fedora 22 |
iCloud and iTunes on Windows also need patching
Apple has published security updates for Xcode, iCloud for Windows, and iTunes for Windows. Xcode 8.1 plugs holes the Xcode server inherited from Chrome, OpenSSL and node.js. Apple's announcement is here. There's a bunch of OpenSSL patches to start with: CVE-2015-6764 and CVE-2016-1669 are bugs inherited from Google Chrome code. CVE-2016-2086, CVE-2016-2216 and CVE-2015-8027 splat bugs in node.js. Cupertino has also updated iCloud for Windows against two bugs: CVE-2016-4613, reported by Google s...