Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:NODEJS-ZLIBWINDOWSBITS-DOS |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Node.js Foundation Node.js zlib windowBits Denial of Service |
Release Date |
2018/01/18 |
Update Number |
3027 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Node.js Foundation Node.js zlib windowBits Denial of Service
This signature detects attempts to exploit a known vulnerability in Node.js. Successful exploitation would result in the target system abnormally terminating.
Extended Description
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
Affected Products
- Nodejs node.js 4.8.2
- Nodejs node.js 4.8.3
- Nodejs node.js 4.8.4
- Nodejs node.js 6.10.2
- Nodejs node.js 6.10.3
- Nodejs node.js 6.11.0
- Nodejs node.js 6.11.1
- Nodejs node.js 6.11.2
- Nodejs node.js 6.11.3
- Nodejs node.js 6.11.4
- Nodejs node.js 8.0.0
- Nodejs node.js 8.1.0
- Nodejs node.js 8.1.1
- Nodejs node.js 8.1.2
- Nodejs node.js 8.1.3
- Nodejs node.js 8.1.4
- Nodejs node.js 8.2.0
- Nodejs node.js 8.2.1
- Nodejs node.js 8.3.0
- Nodejs node.js 8.4.0
- Nodejs node.js 8.5.0
- Nodejs node.js 8.6.0
- Nodejs node.js 8.7.0
References
- BugTraq: 101881
- CVE: CVE-2017-14919