Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-16005

Published: 04/06/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Joyent

Vulnerability Summary

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.

Vulnerable Product Search on Vulmon Subscribe to Product

joyent http-signature

Vendor Advisories

Red Hat: CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme" In versions &lt;=0911, http-signature signs only the header values, but not the header names This makes http-signature vulnerable to header forgery Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without ...

References

CWE-347https://nodesecurity.io/advisories/318https://github.com/joyent/node-http-signature/issues/10https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2017-16005
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook