HTTP Request Smuggling Vulnerability in Node.js by Node.js Foundation
CVE-2016-2086

7.5HIGH

Key Information:

Vendor

Nodejs

Status
Node.js
Vendor
CVE Published:
7 April 2016

What is CVE-2016-2086?

Certain versions of Node.js are susceptible to HTTP request smuggling attacks, which can be executed by malicious actors through the manipulation of the Content-Length HTTP header. This vulnerability allows remote attackers to bypass security measures, potentially leading to the interception or manipulation of HTTP requests. It is crucial for users and administrators of affected Node.js versions to upgrade to the latest releases to mitigate this security risk.

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
https://nodejs.org/en/blog/vulnerability/february-2016-se...
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.