CVE-2016-4055

Published: 23/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The duration function in the moment package prior to 2.11.2 for Node.js allows remote malicious users to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Vulnerable Product

momentjs moment

tenable nessus

oracle primavera unifier

Vendor Advisories

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)" ...

Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address ...

Github Repositories

web-secure

web-secure ISO27001. Nullify Slow HTTP POST vulnerability. External Security Review Finding: The web server is possibly vulnerable to a "slow HTTP POST" Denial of Service (DoS) attack. This is an application-level DoS that consumes server resources by maintaining open connections for an extended period of time by slowly sending traffic to the server. If the server mainta

Since the NIST Network Vulnerability Database (NVD) does not support the CVSS 3 Temporal scoring, the script in this repo tries to implement this functionality.

NIST NVD Temporal CVSS 3 score calculator. Purpose: Since the NIST Network Vulnerability Database (NVD) does not support the CVSS 3 Temporal scoring, the script in this repo implements some logic to add this functionality. For any CVE, the script evaluates all the references recorded in NVD itself and enriches the Base vector string to compute a Temporal score. Disclaimer This