HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Mar 2024, 21:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Nov 2022, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200221-0004/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0598 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4669 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/ - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0708 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0579 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0597 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0573 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0707 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0703 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202003-48 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0602 - Third Party Advisory | |
CPE | cpe:2.3:a:oracle:graalvm:20.0.0:*:*:*:enterprise:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject fedora
Oracle graalvm Redhat Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Opensuse leap Redhat enterprise Linux Desktop Debian Redhat enterprise Linux Server Tus Redhat enterprise Linux Server Redhat enterprise Linux Redhat software Collections Fedoraproject Debian debian Linux Oracle Redhat enterprise Linux Workstation Opensuse |
Information
Published : 2020-02-07 15:15
Updated : 2024-03-07 21:24
NVD link : CVE-2019-15605
Mitre link : CVE-2019-15605
CVE.ORG link : CVE-2019-15605
JSON object : View
Products Affected
redhat
- software_collections
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_eus
oracle
- graalvm
opensuse
- leap
nodejs
- node.js
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')