Denial of Service Vulnerability in Node.js by Joyent
CVE-2015-7384

7.5HIGH

Key Information:

Vendor

Nodejs

Status
Node.js
Vendor
CVE Published:
10 October 2017

What is CVE-2015-7384?

A vulnerability in specific versions of Node.js enables remote attackers to exploit the system, potentially leading to a denial of service. The affected versions, 4.0.0, 4.1.0, and 4.1.1, suffer from design flaws that can be leveraged to overload the server, resulting in unavailability for legitimate users. Addressing these issues promptly is crucial for maintaining robust server performance and security.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1268791
x_refsource_CONFIRM
https://github.com/nodejs/node/issues/3138
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101260
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.