Main Vulnerability Database Vulnerabilities #VU65275

#VU65275 Inconsistent interpretation of HTTP requests in Node.js - CVE-2022-32213

Published: July 13, 2022 / Updated: July 13, 2022

Vulnerability identifier: #VU65275

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-32213

CWE-ID: CWE-444

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Node.js

Software vendor:
Node.js Foundation

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially-crafted request to lead to HTTP Request Smuggling to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-answer-retrieval-for-watson-discovery-is-vulnerable-to-http-request-smuggling-due-to-nodejs/

#VU65275 Inconsistent interpretation of HTTP requests in Node.js - CVE-2022-32213

Description

Remediation

External links

Please verify you're human