Main Vulnerability Database SB2017101824

SB2017101824 - Red Hat Software Collections update for rh-nodejs4-nodejs-tough-cookie

Published: October 18, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017101824

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2016-1000232)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the regular expression parsing flaw in HTTP request cookie header parsing. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

2) Incorrect Regular Expression (CVE-ID: CVE-2017-15010)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2017:2912