ReDoS Vulnerability in Tough-Cookie Module for Node.js
CVE-2017-15010

7.5HIGH

Key Information:

Vendor: Salesforce
Status: Tough-cookie
Vendor: CVE Published:; 4 October 2017

What is CVE-2017-15010?

A vulnerability was discovered in the tough-cookie module for Node.js prior to version 2.3.3. This flaw can be exploited through specially crafted HTTP requests that include malicious cookies, which may lead to excessive CPU consumption and denial of service. Proper validation and sanitization of cookie data are essential to mitigate the risk associated with this vulnerability.

References

https://access.redhat.com/errata/RHSA-2017:2913

vendor-advisoryx_refsource_REDHAT

https://nodesecurity.io/advisories/525

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101185

vdb-entryx_refsource_BID

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2017
Vulnerability Reserved
Oct 3, 2017

Salesforce

What is CVE-2017-15010?

References

EPSS Score

CVSS V3.1

Timeline