CVE-2018-12122
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score
0.0549
Percentile
0.9th
CWE-400: Uncontrolled Resource Consumption
Draft
Common Consequences
Security Scopes Affected:
Availability
Access Control
Other
Potential Impacts:
DoS: Crash, Exit, or Restart
DoS: Resource Consumption (CPU)
DoS: Resource Consumption (Memory)
DoS: Resource Consumption (Other)
Bypass Protection Mechanism
Other
Applicable Platforms
Technologies:
AI/ML, Not Technology-Specific
Application: Node.js by Nodejs
Version Range Affected: from 8.0.0 (inclusive) to 8.14.0 (exclusive)
CPE Identifier: cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application: SUSE Enterprise Storage by SUSE
CPE Identifier: cpe:2.3:a:suse:suse_enterprise_storage:4:*:*:*:*:*:*:*
Application: Node.js by Nodejs
Version Range Affected: from 10.0.0 (inclusive) to 10.14.0 (exclusive)
CPE Identifier: cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Application: Node.js by Nodejs
Version Range Affected: from 11.0.0 (inclusive) to 11.3.0 (exclusive)
CPE Identifier: cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Operating System: SUSE Linux Enterprise Server by SUSE
CPE Identifier: cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Operating System: SUSE Linux Enterprise Server by SUSE
CPE Identifier: cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*
Operating System: SUSE OpenStack Cloud by SUSE
CPE Identifier: cpe:2.3:o:suse:suse_openstack_cloud:8:*:*:*:*:*:*:*
Application: Node.js by Nodejs
Version Range Affected: from 6.0.0 (inclusive) to 6.15.1 (exclusive)
CPE Identifier: cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Operating System: SUSE OpenStack Cloud by SUSE
CPE Identifier: cpe:2.3:o:suse:suse_openstack_cloud:7:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2019:1821
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.gentoo.org/glsa/202003-48
https://security.netapp.com/advisory/ntap-20241213-0009/
http://www.securityfocus.com/bid/106043