Published: 07/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 391

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The HTTP header parsing code in Node.js 0.10.x prior to 0.10.42, 0.11.6 up to and including 0.11.16, 0.12.x prior to 0.12.10, 4.x prior to 4.3.0, and 5.x prior to 5.6.0 allows remote malicious users to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js 5.3.0
nodejs node.js 5.2.0
nodejs node.js 4.2.2
nodejs node.js 4.2.1
nodejs node.js 0.12.8
nodejs node.js 0.12.7
nodejs node.js 0.12.0
nodejs node.js 0.11.16
nodejs node.js 0.11.15
nodejs node.js 0.11.8
nodejs node.js 0.11.7
nodejs node.js 0.10.41
nodejs node.js 0.10.40
nodejs node.js 0.10.33
nodejs node.js 0.10.32
nodejs node.js 5.1.1
nodejs node.js 5.1.0
nodejs node.js 5.0.0
nodejs node.js 4.2.0
nodejs node.js 4.1.2
nodejs node.js 0.12.6
nodejs node.js 0.12.5
nodejs node.js 0.11.14
nodejs node.js 0.11.13
nodejs node.js 0.11.6
nodejs node.js 0.10.9
nodejs node.js 0.10.4
nodejs node.js 0.10.39
nodejs node.js 0.10.31
nodejs node.js 0.10.30
nodejs node.js 0.10.24
nodejs node.js 0.10.23
nodejs node.js 0.10.17
nodejs node.js 0.10.16-isaacs-manual
nodejs node.js 0.10.1
nodejs node.js 0.10.0
nodejs node.js 0.10.26
nodejs node.js 0.10.25
nodejs node.js 0.10.19
nodejs node.js 0.10.18
nodejs node.js 0.10.11
nodejs node.js 0.10.10
nodejs node.js 5.4.1
nodejs node.js 5.4.0
nodejs node.js 4.2.4
nodejs node.js 4.2.3
nodejs node.js 4.0.0
nodejs node.js 0.12.9
nodejs node.js 0.12.2
nodejs node.js 0.12.1
nodejs node.js 0.11.10
nodejs node.js 0.11.9
nodejs node.js 0.10.6
nodejs node.js 0.10.5
nodejs node.js 0.10.36
nodejs node.js 0.10.35
nodejs node.js 0.10.34
nodejs node.js 0.10.28
nodejs node.js 0.10.27
nodejs node.js 0.10.20
nodejs node.js 0.10.2
nodejs node.js 0.10.13
nodejs node.js 0.10.12
nodejs node.js 5.5.0
nodejs node.js 4.2.6
nodejs node.js 4.2.5
nodejs node.js 4.1.1
nodejs node.js 4.1.0
nodejs node.js 0.12.4
nodejs node.js 0.12.3
nodejs node.js 0.11.12
nodejs node.js 0.11.11
nodejs node.js 0.10.8
nodejs node.js 0.10.7
nodejs node.js 0.10.38
nodejs node.js 0.10.37
nodejs node.js 0.10.3
nodejs node.js 0.10.29
nodejs node.js 0.10.22
nodejs node.js 0.10.21
nodejs node.js 0.10.16
nodejs node.js 0.10.15
nodejs node.js 0.10.14
fedoraproject fedora 23
fedoraproject fedora 22

The HTTP header parsing code in Nodejs 010x before 01042, 0116 through 01116, 012x before 01210, 4x before 430, and 5x before 560 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a ...

node as shared-library

Nodejs is a JavaScript runtime built on Chrome's V8 JavaScript engine Nodejs uses an event-driven, non-blocking I/O model that makes it lightweight and efficient The Nodejs package ecosystem, npm, is the largest ecosystem of open source libraries in the world The Nodejs project is supported by the Nodejs Foundation Contributions, policies, and releases are managed

My Discord Bot

Nodejs is a JavaScript runtime built on Chrome's V8 JavaScript engine For more information on using Nodejs, see the Nodejs Website The Nodejs project is supported by the Nodejs Foundation Contributions, policies, and releases are managed under an open governance model This project is bound by a Code of Conduct Table of Contents Support Release Types Download C

npmreadme Nodejs is a JavaScript runtime built on Chrome's V8 JavaScript engine For more information on using Nodejs, see the Nodejs Website The Nodejs project is supported by the Nodejs Foundation Contributions, policies, and releases are managed under an open governance model This project is bound by a Code of Conduct Table of Contents Support Rel

este es otra version del proyecto final pero con ventanas tipo modal

Nodejs is a JavaScript runtime built on Chrome's V8 JavaScript engine For more information on using Nodejs, see the Nodejs Website The Nodejs project uses an open governance model The Nodejs Foundation provides support for the project This project is bound by a Code of Conduct Table of Contents Support Release Types Download Current and LTS Releases Nightly Re

speed up nodejs booting using snapshot

Second phase 3.

el ejemplo que hemos estado haciendo en clase de laboratorio de computacion para UTN

DebugAwait function, which facilities debugging of unfinished awaits and unawaited promises from async functions.

外包项目

A fork of Node.js. Humans before technology.

Ayojs (Note: Ayojs is forked from Nodejs Currently, a lot of the documentation still points towards the Nodejs repository) Ayojs is a JavaScript runtime built on Chrome's V8 JavaScript engine It uses an event-driven, non-blocking I/O model that makes it lightweight and efficient Ayojs, like the rest of the JavaScript implementations, benefits from the npm packag

Tracer extension to V8 in node.js.

DROWN-ing Xcode developer? Apple's thrown you a lifebelt

The Register • Richard Chirgwin • 30 Oct 2016

iCloud and iTunes on Windows also need patching

Apple has published security updates for Xcode, iCloud for Windows, and iTunes for Windows. Xcode 8.1 plugs holes the Xcode server inherited from Chrome, OpenSSL and node.js. Apple's announcement is here. There's a bunch of OpenSSL patches to start with: CVE-2015-6764 and CVE-2016-1669 are bugs inherited from Google Chrome code. CVE-2016-2086, CVE-2016-2216 and CVE-2015-8027 splat bugs in node.js. Cupertino has also updated iCloud for Windows against two bugs: CVE-2016-4613, reported by Google s...

CVE-2016-2216

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect